Get Started with the Authorization App
The quickstart section provides a comprehensive guide outlining the steps necessary to Download, Install and configure the Securosys Authorization App on your device.
Prerequisites
Before continuing with the Securosys Authorization App on your device, ensure that your HSM infrastructure is prepared beforehand. Depending on your infrastructure make sure to adhere to the following prerequisites, based on your environment: HSM on-premises or CloudHSM
- CloudHSM
- HSM on-premises
- Testing Environment
- CloudHSM - TSBaaS:
- Rest-API access with
TSB_ENGINE
license installed (available in CloudHSM ECO, SBX and PLATINUM services)
- Rest-API access with
Check TSB_ENGINE
License Information
If your subscription supports the Securosys Authorization App, the following license flags should appear:
GET /v1/licenseInfo
{
"clientFlags": [
...
"KEY_AUTH",
"REST_API",
"TSB_ENGINE",
...
]
}
- Primus HSM: Set up and configured successfully, including:
- Device setup completed with the initial wizard
Root Key Store
installed and configured- Enabled security features:
Client API access
,Key Auth
,JCE
,Rest-API
,TSB Workflow Engine
- Created at least one user
- Transaction Security Broker (REST API): Successfully deployed and configured the TSB Docker container with the
TSB_ENGINE
license
For testing purposes, you can create a 90-day free trial partition on the Securosys Cloud platform by visiting https://cloud.securosys.com/.
This trial partition provides a secure, isolated environment where you can explore and test various functionalities of Securosys products without committing to a paid license. The cloud-based environment replicates the full feature set available in production, allowing you to evaluate API integration capabilities. This trial setup is ideal for development, experimentation, or simply gaining hands-on experience with Securosys services.
For more granularity please see chapter Prerequisites.
Downloading and Installing Securosys Authorization App
The registration procedure is performed by the role of an Approver.
- The user which has to download the Securosys Authorization App on the mobile phone.
To start using the Securosys Authorization App, Download and install the latest version on your smartphone. For more granular information and detailed step by step guide, please follow the chapter Installation.
Create Approver
The Approver creation procedure is performed by the role of an Approver Manager.
- Personnel responsible for creating and managing the entire pool of Approver's.
An Approver must first be created before the approver can use the Securosys Authorization App and authorize tasks.
Refer to the REST API curl endpoint below to create an Approver.
Example Create Approver
POST: /v1/approverManagement/create
- Swagger
- CURL
{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}
Response: Response is a oneTimeCode
to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
curl -X PUT -H "Content-Type: application/json" \
https://tsb-demo.cloudshsm.com/v1/approverManagement/create -d \
'{
"approverName": "finance-officer@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}'
Response: Response is a oneTimeCode
to be sent to the approver to fetch the approver-key
{
"oneTimeCode": "410447"
}
In case of using API-KEY's add the following header to the CURL-Command: -H "X-API-KEY: tsb-x-token_07..."
Next, please provide the following information to the user with the role Approver:
- Approver Name (from above request)
- Backup Password (from above request)
- One Time Code (from above response)
- API Key (optional)
- TSB URL (the rest-api url)
With these information the Approver can now Register their App.
You can verify the onboarding status of the Approver, see chapter Tutorial - Approver Management - Verify Onboarding Status for more information.
For more granularity, please see chapter Tutorial - Approver Management - Create Approver.
Register Approver
The registration procedure is performed by the role of an Approver.
Register as Approver on the Securosys Authorization App by inserting the required credentials provided by your Approver Manager from the previous chapter Create Approver.
For more granular information about the registration credentials and detailed step by step guide to the registration process, please follow the chapter Installation.
Create Policy based Key with multi-authorization
The key creation procedure is performed by the role of an Approver Manager.
By assigning SKA policies to keys, Approvers are granted the ability to authorize approval tasks.
For more detailed information about SKA keys please see:
- How to create a policy-based Key and set up the onboarded Approvers'
certificate
. - How to create a sign request which has to be approved with the Securosys Authorization App.
Using Securosys Authorization App
The Securosys Authorization App allows for authorization of operational and key management tasks where the authorization of an Approver is required as part of a Smart Key Attribute key access policy.
For more granular information and detailed step by step guide, please follow the Tutorial chapter. There you will find usecases such as:
- Obtaining the Public Key or Certificate
- Approving or Cancling Operation Tasks
- Approving or Cancling Key Management Tasks
- New Onboarding
- Configuring Active Biometric Authorization
There are various usecases for the Securosys Authorization App. See Usecases for more use case examples and their documentation.