User manual¶

Excalibur¶

Excalibur acts as security token for passwordless authentication using your mobile phone to verify authentication factors such as Location, PIN, Fingerprint, Face ID, etc.

To start using Excalibur you need to install Excalibur mobile phone application first. Please download it from https://getexcalibur.com (in the footer) and proceed with Registration

Excalibur login screen¶

Excalibur login screen is simple User Interface whose core component is dynamically changing QR code.

From login screen you may:

1. Login to your PC
2. Self-Register into Excalibur
3. Check Excalibur Server connection status
4. Connect to networks or VPN adapters
5. Switch language
6. Switch keyboard settings
7. Open built-in Help section for better User Experience

Registration¶

Registration is a process of creating a unique link between the phone (identity) and Excalibur server (company). Setting authentication factors (such as PIN, biometric factors or location) is part of a registration process.

Self-Registration from the PC Login screen¶

Prerequisities:

1. Local / Domain account
2. Password

Steps:

1. Click “Register” on your computer’s Login screen (If there is only small QR code on your computer’s screen you can always click on it to maximize the Excalibur Login screen)
2. Fill in your username, password and click “Register”
3. Open Excalibur phone application and scan the QR code from computer’s screen
4. Confirm registration on your phone by clicking “Ok”
5. Continue to Setting factors

Self-Registration from the dashboard¶

Prerequisities:

1. Domain account
2. Password

Steps:

1. Type on browser https://yourdomain/register to visit registration page
2. Fill in your username in shape DOMAIN\username, password and click “Submit”
3. Open Excalibur phone application and scan the QR code from computer’s screen
4. Confirm registration on your phone by clicking “OK”
5. Continue to Setting factors

Setting factors¶

As a part of a registration, you are required to set your authentication factors. You will be asked to allow device location detection.

1. Scan your fingerprint or provide Face ID (if available)
2. Create your PIN code which will be used to confirm actions using Excalibur

Login¶

Excalibur acts as a security token for passwordless authentication.

For logging in you just:

1. Scan the Login QR with Excalibur mobile application
2. Confirm by providing required authentication factors (PIN, fingerprint or Face ID)
3. Computer should log you in automatically

Excalibur enables you to do multiple types of logins:

1. Online Login
2. OTP Login
3. Login without Phone

If there is only small QR code on your computer’s screen you can always click on it to maximize the Excalibur Login screen

Online Login¶

When both your computer and your phone are online Excalibur executes Online Login which after confirming authentication factors logs you in automatically

1. Scan the Login QR from the screen of your computer with Excalibur mobile phone application
2. Confirm by providing required authentication factors (PIN, Fingerprint, Face ID)
3. Computer should log you in automatically, if not:
   1. Continue to Static Password, if Excalibur asks for your current password
   2. Continue to Expired Password, if your password is expired and Excalibur asks for a new password
   3. Continue to OTP Login if Excalibur generates OTP code. When PC and Token are in the same network, the token tries to send data via SSDP protocol

Static password¶

During login Excalibur might ask you for your current User password. In that case:

1. Fill in your current User password
2. Click the “Login” button
3. Computer should log you in automatically

Expired password¶

When your password is expired due to your company’s password policy Excalibur might ask you for the new password. In that case:

1. Fill in your current User password
2. Fill in your new User password
3. Confirm by clicking the “Change” button
4. Computer should log you in automatically

OTP Login¶

When your phone or your PC is offline, the Excalibur application might generate short OTP code with expiration instead of logging you in automatically. In that case:

1. Retype the OTP code into OTP field of your computer’s screen
2. Confirm by pressing “ENTER” key on your keyboard or click on confirmation button

Login without Phone¶

When you forget your phone you might still log into the computer using Excalibur

1. Click on “Forgotten phone” button on your computer’s login screen
2. Fill in your username, Excalibur PIN code and the reason why you can’t use Excalibur mobile phone application to log in
3. Confirm by clicking the “Login” button
4. Wait for the Administrator, Service Desk operator, peer or your superior to confirm the Login
5. Based on user’s policy, verifiers have the option to select period on theirs tokens  during which the user can log without further verification. User just types username, PIN and the reason in this selected period.

Confirming action¶

When accessing services like VPN, SIP clients, or websites Excalibur might ask you for additional confirmation via notification:

1. Verify the action that is being executed
2. Confirm or cancel the action
3. Provide required authentication factors (PIN, fingerprint or Face ID)

Phone application¶

Excalibur application lets you log into computers and confirm actions without password just by using authentication factors

AApplication entry point is a map screen with the phone's current location and list of active sessions. In case of no active sessions, QR scanner is started automatically.

Main Application Menu:¶

History - detailed list of all authenticated sessions

Scanner - scanner for all supported QRs (login, register, …)

Settings - list of all registered companies (identities) with appropriate actions.

Session termination (lock/logout)¶

Excalibur always shows you all your active sessions and enables you to lock / logout them even if you are away from the computer

For the lock/logout just:

1. Choose the session from session list
2. Click on button
3. Select “Lock” or “Logout”

For the unlock/logout just:

1. Choose the session from session list
2. Click on button
3. Select “Unlock” or “Logout”

Sessions history¶

Excalibur lets you inspect your session history

1. Click on the Session History button on the left side of bottom panel
2. Scroll through your session history or change the month
3. Select specific session to see it on map and see session details

Reset PIN¶

When you want to change your PIN code simply:

1. Click on application settings
2. Click on “Reset PIN”
3. Confirm by providing required authentication factors (allow Location, PIN, fingerprint, Face ID)
4. Enter your new PIN code

Show password¶

Excalibur application provides to display your password on your registered phone. This option can be enabled or disabled by company's security policies.

1. Click on application settings
2. Click on your company
3. Click on your account
4. Select “Show password”
5. Provide authentication factors

Home locations¶

To allow work from home scenarios it is possible to set home locations for login to PC Client or Dashboard.

Add Locations

1. Click on application settings        
2. Select “Home geofences”.
3. Search your address using “Search address” bar, search result will be displayed on the map.
4. Tap on selected place and confirm by “Add geofence”.
5. Provide required factors

Remove Locations

1. Navigate to “Home geofences”.
2. Select the location which you want to delete and click on it.
3. For confirm click on “Remove geofence”

Report a problem¶

If you have any problem with Excalibur application, you have an option to send report with problem

1. Click on application settings button
2. Scroll screen
3. Click on “Report a problem”
4. Type  your email if you want to be contacted by developer
5. Describe your problem and send a report with “Send” button at the right top.
6. To send a report, "Usage & Diagnostics" has to be enabled. If not, application asks you to allow it.

Usage & Diagnostics¶

If some error occurred, the application allows to send Token's logs to the vendor.

1. Click on application settings button
2. Click on "Usage & Diagnostics" and enable it

App Theme¶

Since version 3.4.8, Excalibur application provides an option to set the theme of the Token. By default, the token has preseted theme by device mode (Light/Dark). If you wish to set different theme, select Light/Dark theme.

1. Click on application settings
2. Click on "App Theme".
3. Select required theme.

Run on background & Vibration¶

Excalibur application provides option to disable / enable Run on background and Vibrations.

Run on background

1. Click on application settings
2. Click on “Background running” button
3. Click on Disable

Vibrations

1. Click on application settings
2. Click on “Vibration” button

Termination of App¶

To close application follow steps:

1. Click on application settings and scroll down.
2. Click on “Exit App” button.
3. Confirm Exit.

Detection of mock location¶

When Excalibur detects mock location the app shows an information dialogue on the main screen as well as on each action screen when factors are checked. Following functionalities are limited:

1. Users can not see their own position on the map.
2. Set Home location is blocked.

Detection of rooted devices¶

When the device is rooted or its integrity is changed, the app shows an information dialogue. In this case the app restricts the map services such as set Home location from the Token, and user can not see its actual position on the map. Other functionalities are enabled.

About app¶

Since version 3.4.2 the app shows information about app and libraries of third parties which are used.

1. Click on application settings and scroll down
2. Click on “About App” button

Verifying co-workers¶

When you need to verify your co-worker e.g. in case of PIN reset or login:

1. Scan the QR code generated by your co-worker
2. Verify his identity, executed action and click “Verify”
3. Confirm by providing required authentication factors (PIN, fingerprint, Face ID) PIN verification was successful.

For more information about Peer verification, please see following documentation:

User Dashboard Manual

Security Policy Management

Roles Description

Peer verification in Tokenless case

Help¶

Tutorial¶

After successful first registration, the tutorial shows up. Tutorial provides a quick guide where to find Scanner to scan QR; how Lock/Unlock session; How to check Session history; Settings. Tutorial ends when all steps are done or by clicking on the X button. If the user closes the tutorial sooner then it ends, the tutorial shows up again after successful action and continues on.

How to enable camera¶

App asks a permission to allow access to camera after first launch. It is necessary to allow it due ability to scan the registration or login QR. In case that you tismiss this permision, and you wish to enable camera, close application and launch it again. App will ask you to allow use the camera. Possibly you may allow camera in device settings.

How to enable provisioning of location¶

Provisioning of location serves to better experience with Excalibur /token shows your position on the map, policy may require specific location for action/. App asks you to enable provisioning of location during registration proccess /or another action/. If security policy requires to enable provisioning of location, allow it. While provisioning of location is denied and you to enable it, click on Location services are required button and allow permission. Possibly you may allow location in device settings.

Learn more button¶

This button is shown on the scanner screen or on the screen when action is timeouted or blocked. By clicking on Learn more button, you can find an explanation about Login or why the action has not been successful and how to resolve a problem. If the problem still persists, please contact your administrator.

Scanner:

Timeouted action:

Blocked action:

Unsuccessful offline login¶

For OTP login to the computer is necessary to execute the first online login. During this procedure, the table with OTP codes is generated. If the first online login was successful and the problem still persists, it may indicate a problem with network connection. If not, please contact your administrator.

Corrupted registration¶

Company can have multiple Excalibur environments /DEVEL, INT, PRODUCTION etc./. For each environment is necessary to use a unique certificate. In case that company uses the same certificate for all environments, the Corrupted registration alert will shown on token after scanning of registration QR. If the token shows this alert, proceed with registration again. Data on your token were deleted. If a problem with registration persists, contact your administrator

Token update¶

If a new version of Excalibur token is released, and you launch the token then you will be informed about a new update. To update an application, click on Update button, following you will be redirected to the store from where the token can be updated.

Problem detected¶

This dialogue is shown while your attempts for action are unsuccessful. It may indicate a network connection problem. By clicking on the Exit button, the app will be killed. Then launch the app and try your attempt again.

Biometry has been changed¶

When biometry on iOS device has been changed, Excalibur token detects it and asks a user to Reset PIN. Then biometry will be initialized. If initialization of biometry failed, it can indicate problem with security enclave on the device.

Delete Account¶

Excalibur allows to delete account from the user's token. User can delete account on two places.

1. In Settings - Touch long with finger on account, dialogue to delete account shows up.
2. In User detail - Touch long with finger on account, dialogue to delete account shows up.

In both cases confirm action, and the account will be deleted.

Password not shown¶

When password has been reseted, the token is unable to show password, until the insertion of new the password into Excalibur client as is described in Static password chapter. If you do not to know a new password, ask your administrator to provide a new password.

Unsuccessful login - Expired QR¶

When you see this error message:

1. If you are trying to login to the Dashboard, refresh your webbrowser.
2. If you are trying to login to the Client, try to minimize/maximize client screen or restart your computer.

Security update¶

If the update includes the security update, then Excalibur Token will asks you to reset your factors (PIN and Biometry).

Further documentation¶

Excalibur User Dashboard Manual

EXC USER README EN

Excalibur FAQ