IT – Broker Services – Start of enrollment of Two-Factor Authentication (2FA) for TRACK (02/17)


This IT-Notice contains a technical overview and implementation process of a Two Factor Authentication solution, 2FA, for Nasdaq Trade Reporting Web, TRACK. This will impact all Nasdaq Nordic and Nasdaq Commodities members using TRACK for their Regulatory Reports such as EMIR and REMIT. Information in this IT-Notice is directed to IT staff, administrators of the TRACK application as well as the end users.

Introduction

As previously communicated, Nasdaq is in a process of implementing a 2FA solution in order to streamline the login procedure to all our web-based applications. First application to adapt 2FA was CMS Web, and we have now started the next phase, implementation of 2FA for Nasdaq Trade Reporting Web, TRACK.

The 2FA solution to be implemented is provided by SafeNet and can be used on smartphones, tablets and/or computers. Once 2FA implementation is completed, users will be authenticated with username, password and a one-time passcode generated by the SafeNet MobilePASS app/software.

Timeline

The mandatory enrollment period of 2FA for TRACK will open on January 25th with an expected completion by early March. When the enrollment period starts, users will be requested to enroll as part of the standard login procedure to TRACK.

Users will have a maximum of ten (10) attempts available using the old authentication method (username & password only) before the enrollment to 2FA is mandated.

Enrollment of 2FA for TRACK - Prerequisites

Before the enrollment of 2FA, all device(s) to be used for creation of one-time passcodes should be prepared for the MobilePASS app/software and token installation. For easy and trouble-free usage we recommend the use of smartphones, but local software installations are also possible:

  • Smartphones/Tablets – Download the app SafeNet MobilePASS from your Apple App Store, Blackberry AppWorld or the Android Play Store
  • Desktop computers – Download the applicable SafeNet MobilePASS from SafeNet´s webpage. There are two versions available: One version for installation and another for download and execution directly (portable USB flash memory)

NOTE:  Please consult with your IT-department for your internal IT-policy prior to installation!
The initial installation of MobilePASS app/software requires local administrative privileges. If the end user is not allowed to install the app/software, please make it available on the verified platform. After the installation has been completed, the usage of the app/software does not require administrative privileges

 

Preparatory steps


Provided the preparatory steps described further down have been taken, the enrollment process will be fully self-service i.e. the end user can enroll without assistance of Nasdaq or an administrator.

The following preparatory steps are recommended before the enrollment period starts:

  1. Identify the TRACK Administrator(s) within your company. Nasdaq can assist with this if needed
     
  2. Identify the TRACK users within your company. Nasdaq can assist with this if needed
     
  3. Inform all TRACK users of the upcoming change and the enrollment process
     
  4. TRACK Administrator needs to ensure that all user accounts are individual. All potentially shared accounts need to be changed or removed. With the new 2FA Single Sign-On solution, the use of shared email address will be strongly discouraged

NOTE: Only use e-mail addresses that are being owned by you as a member, do not use shared or generic email addresses such as username@gmail.com or user.name@hotmail.com

  1. Please mark email address bbsupport@nasdaq.com as “trusted” in order to avoid information to be lost in the junkmail or hit by a firewall
     
  2. Decide which device(s) should be used for each TRACK user

2FA Enrollment process

Below is a short step-by-step guide to 2FA enrollment for TRACK users:

  1. When the enrollment period starts, all users will be prompted with "Important information!" when attempting to login to TRACK (Nasdaq Trade Reporting Web for EMIR and REMIT) using User name and Password. Choose "Register Now" in order to proceed with 2FA enrollment
    NOTE: If you don't want to enroll at this time, choose "Continue to TRACK Web" instead. This option can be chosen maximum of ten (10) times, after that the enrollment to 2FA is mandated

     
  2. In the "2FA Registration" window, choose "Set up new 2FA account”
    NOTE:
    If you have already completed the enrollment procedure and wish to connect additional accounts to the same 2FA account, then choose “Connect to existing 2FA account” and login with your existing 2FA username, password and token passcode. (The steps 3-10 below are not needed in such case)

     
  3. In the "2FA Registration - Credentials 1(2)" window, verify the pre-filled information and correct if needed, then "Proceed to account initialization"
     
  4. In the "2FA Registration - Credentials 2(2)" window, choose "Continue account initialization"
     
  5. As stated in the "2FA Registration - Initialization" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the link provided in this e-mail
     
  6. In the "2FA Registration - Password 1(2)" window, create a new password for your 2FA account, then "Proceed with account initialization"
     
  7. In the "2FA Registration - Password 2(2)" window, re-enter the password, then "Complete account initialization"
     
  8. As stated in the "2FA Registration - Completion" window, an e-mail has been sent to the e-mail address specified in step 3 above. Click on the URL link specified in this e-mail on the device where the token should be enrolled
    • If not previously done, the MobilePASS app should be installed at this point. Click “Download MobilePASS Installer (.msi)
      NOTE: Administrator rights are required. Ask your IT department for assistance, if needed
    • Once the MobilePASS app has been installed, choose “Enroll your MobilePASS token
       
  9. MobilePASS token enrollment:
  • If you are prompted to choose a method for enrolling the token, choose the “Auto Enrollment” option
  • In the “Create New Token” view, set a token name, eg. “Nasdaq Token”
  • In the “Set a Token PIN” view, set a new PIN code for your token (6 digits)
  • Re-enter the Token PIN
  • The first generated Passcode appears now in the window. This can be use directly to log in to TRACK (and other Nasdaq web applications using 2FA as well)
    NOTE: A passcode is only valid in 60 seconds, thereafter a new one will be generated

     
  1. An e-mail stating that the 2FA registration has been completed will be sent to you. This e-mail contains a new web link (URL) to be used in order to login to 2FA and by so reaching TRACK from now on
     

After the token enrollment has been completed, TRACK will be accessed via "Two-Factor Authentication" window, by providing your TRACK Web User Name, 2FA-Password set during the enrollment process, and your Passcode generated by your SafeNet MobilePASS app.

NOTE: Neither old TRACK passwords nor old TRACK web link should be used after the enrollment of 2FA has been completed

 

Contact details for assistance

Please visit our 2FA website for latest updates regarding the 2FA project: http://www.nasdaqomx.com/transactions/technicalinformation/2fa
  

For questions or concerns regarding 2FA or over the supported platforms for the SafeNet MobilePASS, please contact Technical Support:
technicalsupport@nasdaq.com, +46 8 405 6280

For TRACK user or password questions, please contact BB Support:
bbsupport@nasdaq.com, +46 8 405 7400

For questions regarding the TRACK service, please contact Trade Reporting: tradereporting@nasdaq.com

 

Best regards,
 

BB Support


+46 8 405 7400
bbsupport@nasdaq.com


Attachments

IT-Notice_ 2FA for TRACK_Enrollment period start.pdf