IT – Genium INET – REMINDER – Nasdaq to introduce Two-Factor Authentication (2FA) for CMS Web (54/16)


This IT-Notice contains a technical overview and implementation process of a Two Factor Authentication solution (2FA) for CMS Web. This will impact all Nasdaq Nordic and Nasdaq Commodities members using Nasdaq CMS web tool for collateral management. Information in this IT-Notice is directed to IT staff, administrators of the CMS Web application as well as the end users.

 

Introduction

As previously communicated, Nasdaq will implement a 2FA solution in order to streamline the login procedure to all our web-based applications. First Nasdaq application to adapt the 2FA is the CMS Web application for Genium INET. Other web-based platforms will follow.

The 2FA solution to be implemented is provided by SafeNet and can be used on smartphones, tablets and/or computers. Once 2FA implementation is completed, users will be authenticated with username, password and a one-time passcode generated by the SafeNet MobilePASS app.

 

Timeline

The enrollment period of 2FA for CMS Web will open on October 6th with an expected completion by early December 2016. When the enrollment period starts, users will be requested to enroll as part of the standard login procedure to CMS Web.

Users will have a maximum of three login attempts available using the old authentication method (username & password only) before the enrollment to 2FA is mandated.

 

Enrollment of 2FA for CMS Web


Preparatory steps

The 2FA enrollment process for CMS Web users will start on October 6th. The following preparatory steps are recommended before the enrollment period starts:

  1. Identify the CMS Web Administrator(s) within your company
  2. Identify the CMS Web users within your company
  3. Inform all CMS Web users of the upcoming change and the enrollment process
  4. CMS Web Administrator needs to ensure that all user accounts are individual. All potentially shared accounts need to be changed or removed. With the new 2FA Single Sign-On solution, the use of shared email address will be strongly discouraged
    NOTE: Only use e-mail addresses that are being owned by you as a member, do not use shared or generic email addresses such as username@gmail.com or user.name@hotmail.com
  5. Decide which device(s) should be used for each CMS Web user, and prepare these for token installation (use of smartphones is the recommended option)
  6. Smartphones/Tablets – Download the app SafeNet MobilePASS from Apple App Store, Blackberry AppWorld or the Android Play Store
  7. Desktop computers – Download the applicable SafeNet MobilePASS from
  8. https://safenet.gemalto.com/support-downloads/mobilepass-download-page/

    NOTE: The initial app installation requires local administrative privileges. However, after the installation has been completed, the usage of the MobilePASS software does not require administrative privileges

     

    2FA Enrollment process

    Below is a short step-by-step guide to 2FA enrollment for CMS Web users.

    1. When the enrollment period starts, all users will be prompted with "Important information!" when attempting to login to CMS Web (Collateral Management Web) using User name and Password. Choose "Register Now" in order to proceed with 2FA enrollment
      NOTE: If you don't want to enroll at this time, choose "Continue to CMS Web" instead. This option can be chosen maximum of three times, after that the enrollment to 2FA is mandated
    2. In the "2FA Registration" window, choose "Set up new 2FA account"
    3. In the "2FA Registration - Credentials 1(2)" window, verify the pre-filled information and correct if needed, then "Proceed to account initialization"
    4. In the "2FA Registration - Credentials 2(2)" window, choose "Continue account initialization"
    5. As stated in the "2FA Registration - Initialization" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the link provided in this e-mail
    6. In the "2FA Registration - Password 1(2)" window, create a new password for your 2FA account, then "Proceed with account initialization"
    7. In the "2FA Registration - Password 2(2)" window, re-enter the password, then "Complete account initialization"
    8. As stated in the "2FA Registration - Completion" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the URL link specified in this e-mail on the device where the token should be enrolled
    9. If not previously done, the MobilePASS app should be installed at this point. Click “Download MobilePASS Installer (.msi)
      NOTE: Administrator rights are required. Ask your IT department for assistance, if needed
    10. Once the MobilePASS app has been installed, choose “Enroll your MobilePASS token
    11. MobilePASS token enrollment:
    12. If you are prompted to choose a method for enrolling the token, choose the “Auto Enrollment” option
    13. In the “Create New Token” view, set a token name, eg. “Nasdaq Token”
    14. In the “Set a Token PIN” view, set a new PIN code for your token (6 digits)
    15. Re-enter the Token PIN
    16. The first generated Passcode appears now in the window. This can be use directly to log in to CMS Web (and in the future to other Nasdaq web applications as well)
      NOTE: A passcode is only valid in 60 seconds, thereafter a new one will be generated
    17. An e-mail stating that the 2FA registration has been completed will be sent to you. This e-mail contains a link to be used in order to login to 2FA and by so reaching CMS Web from now on
    18.  

      After the token enrollment has been completed, CMS Web will be accessed via "Two-Factor Authentication" window, by providing your CMS Web User Name, 2FA-Password set during the enrollment process, and your Passcode generated by your SafeNet MobilePASS app.

      NOTE: Old CMS Web passwords should not be used after the enrollment of 2FA has been completed


       

      New website


      A new website has been launched for providing continuous updates regarding the 2FA project: http://www.nasdaqomx.com/transactions/technicalinformation/2fa

       

      Support


      For questions or concerns regarding the token enrollment, please contact Technical Support:
      technicalsupport@nasdaq.com  +46 8 405 6280

      For CMS user or password questions, please contact Member Services:
      ms.gi@nasdaq.com
        +46 8 405 6660

      For questions regarding this IT Notice, please contact:
      technicalrelations@nasdaq.com


       

      Best regards,

      Technical Relations
      technicalrelations@nasdaq.com


Attachments

IT_Exchange_Notice_ 2FA for CMS Web_Sept_5416.pdf