This version of your inWebo Authenticator 6 application is adding new features as well as cosmetic enhancements. We added Selfcare features (device management and account management) so users will be more autonomous and will require less support. This means that your users will no longer need to access the myinwebo.com portal.
We also added an Audit feature, so users can see their latest activity. And finally we modified the app icon and a few minor graphical elements following the recent rebranding of inWebo.
Finally, we added a confirmation message after a push notification in order to make the user scenario more clear.
You will find below more details about the new features and how to make them available to your users.
In the current Authenticator, a user can activate a new device in the Device menu. Selfcare adds to this feature the list of devices and the ability to lock/unlock, rename and delete. Also, in the “My Account” menu, the user can customize the anti-phishing phrase and the ‘returning’ email used to retrieve access to his account. All these features were previously only available in the myinwebo.com portal.
Note: the Selfcare feature will be enabled by default in the service parameters upon the update, but of course you can disable it.
My Devices menu:
My Account menu:
Two new features are available:
Antiphishing: the user can define a personal and secret sentence to be displayed in Helium or Virtual Authenticator whenever a personal code is requested. This helps the user verify that he is connected to a legitimate inWebo server.
Account recovery: Users can now provide an email to receive an unlock or reactivation code in case of a loss or lock of his trusted devices.
If you activate the Audit feature, users will see a new “Audit” entry in the menu. After entering their pin code, they will have access to the logs of the latest personal activity such as connections, generation of OTP, etc. This information can be useful when discussing with the internal helpdesk.
Note: the Audit feature will be disabled by default.
Message after Authentication
After a push authentication, a message is displayed to the user in order to make it clear that the authentication is sent to the requestor application. In the previous versions of Authenticator, the user was redirected to the Authenticator home, which could create some confusion.
The rebranding will impact the application icon, the embedded inWebo logo and a few color items. These changes will have no functional impact.
Before/after - application icon:
Before/after - logo
Before/after - color
Who is impacted? What is the impact?
Only the standard Authenticator 6 is impacted by the update. If inWebo supplies a specific version of Authenticator, please contact inWebo for more information.
Behavior and recommendation
Authenticator 6 mobile or desktop
Selfcare “ON” by default. Users will still be able to activate a new device. In addition they will be able to manage their devices and define their account parameters.
Selfcare “OFF”: users will not have access to the “My Device” menu.
Audit Off by default. No impact on users. You control the activation.
Authenticator 6 mobile or desktop - specific case of a service configured ‘without pin’
Selfcare “ON” by default
Audit “OFF” by default. No impact on users. If you activate it, same behavior as the Selfcare.
Specific version of Authenticator
How to activate the Selfcare and the Audit?
The activation parameters for both the Selfcare and the Audit are available in the admin console, in the Authenticator section of your service parameters.
On Android 10 & 11: The return arrow on top left in the My Devices and Audit menu does not return to the home. Workaround: open the menu by sliding from the left of the screen, return to the home.
Session expiration: after 5 minutes with no activity in the My Devices, My Account or Audit menu, the ‘return’ arrow on top will not lead to the home page. Workaround: en the menu by sliding from the left of the screen, return to the home.
In My Account, account recovery, the placeholder should be ‘Email address’, not ‘Email adress’
Android: when entering the recovery email, the pad hides the email field, making it difficult to know what is entered
When entering a wrong email in account recovery, the message displayed on top ‘invalid json’ should be more explicit
iOS: some action buttons are not in the same color