Skip to content

User manual

Excalibur

Excalibur acts as security token for passwordless authentication using your mobile phone to verify authentication factors such as Location, PIN, Fingerprint, Face ID, etc.

To start using Excalibur you need to install Excalibur mobile phone application first. Please download it from https://getexcalibur.com (in the footer) and proceed with Registration

Excalibur login screen

Excalibur login screen is simple User Interface whose core component is dynamically changing QR code.

From login screen you may:

  1. Login to your PC
  2. Self-Register into Excalibur
  3. Check Excalibur Server connection status
  4. Connect to networks or VPN adapters
  5. Switch language
  6. Switch keyboard settings
  7. Open built-in Help section for better User Experience

Registration

Registration is a process of creating a unique link between the phone (identity) and Excalibur server (company). Setting authentication factors (such as PIN, biometric factors or location) is part of a registration process.

Success

Registration is done by self-registration from a computer with Excalibur login screen or Dashboard registration form.

Info

Multicompany

Excalibur allows to register more accounts in different companies /one account per company/ or company's environments /Test, production etc./. For each account the same PIN code is used.

Self-Registration from the PC Login screen

Prerequisities:

  1. Local / Domain account
  2. Password

  3. Click “Register” on your computer’s Login screen (If there is only small QR code on your computer’s screen you can always click on it to maximize the Excalibur Login screen)

  4. Fill in your username, password and click “Register”
  5. Open Excalibur phone application and scan the QR code from computer’s screen
  6. Confirm registration on your phone by clicking “Ok”
  7. Continue to Setting factors

Self-Registration from the dashboard

Prerequisities:

  1. Domain account
  2. Password

  3. Type on browser https://yourdomain/register to visit registration page.

  4. Fill in your username in shape DOMAIN\username, password and click “Submit”
  5. Open Excalibur phone application and scan the QR code from computer’s screen
  6. Confirm registration on your phone by clicking “OK”
  7. Continue to Setting factors

Setting factors

As a part of a registration, you are required to set your authentication factors. You will be asked to allow device location detection.

  1. Scan your fingerprint or provide Face ID (if available)
  2. Create your PIN code which will be used to confirm actions using Excalibur

Login

Excalibur acts as a security token for passwordless authentication.

For logging in you just:

  1. Scan the Login QR with Excalibur mobile application
  2. Confirm by providing required authentication factors (PIN, fingerprint or Face ID)
  3. Computer should log you in automatically

Excalibur enables you to do multiple types of logins:

  1. Online Login
  2. OTP Login
  3. Login without Phone

If there is only small QR code on your computer’s screen you can always click on it to maximize the Excalibur Login screen

Online Login

When both your computer and your phone are online Excalibur executes Online Login which after confirming authentication factors logs you in automatically

  1. Scan the Login QR from the screen of your computer with Excalibur mobile phone application
  2. Confirm by providing required authentication factors (PIN, Fingerprint, Face ID)
  3. Computer should log you in automatically, if not:
    1. Continue to Static Password, if Excalibur asks for your current password
    2. Continue to Expired Password, if your password is expired and Excalibur asks for a new password
    3. Continue to OTP Login if Excalibur generates OTP code. When PC and Token are in the same network, the token tries to send data via SSDP protocol

Static password

During login Excalibur might ask you for your current User password. In that case:

  1. Fill in your current User password
  2. Click the “Login” button
  3. Computer should log you in automatically

Expired password

When your password is expired due to your company’s password policy Excalibur might ask you for the new password. In that case:

  1. Fill in your current User password
  2. Fill in your new User password
  3. Confirm by clicking the “Change” button
  4. Computer should log you in automatically

OTP Login

When your phone or your PC is offline, the Excalibur application might generate short OTP code with expiration instead of logging you in automatically. In that case:

  1. Retype the OTP code into OTP field of your computer’s screen
  2. Confirm by pressing “ENTER” key on your keyboard or click on confirmation button

Info

Sometimes may happen that a token displays the same sessions with an online or lock indicator. It can indicate that sessions were not correctly processed. Excalibur automatically closes expired sessions after five days.

Login without Phone

When you forget your phone you might still log into the computer using Excalibur

  1. Click on “Forgotten phone” button on your computer’s login screen
  2. Fill in your username, Excalibur PIN code and the reason why you can’t use Excalibur mobile phone application to log in
  3. Confirm by clicking the “Login” button
  4. Wait for the Administrator, Service Desk operator, peer or your superior to confirm the Login
  5. Based on user’s policy, verifiers have the option to select period on theirs tokens  during which the user can log without further verification. User just types username, PIN and the reason in this selected period.

Confirming action

When accessing services like VPN, SIP clients, or websites Excalibur might ask you for additional confirmation via notification:

  1. Verify the action that is being executed
  2. Confirm or cancel the action
  3. Provide required authentication factors (PIN, fingerprint or Face ID)

Phone application

Excalibur application lets you log into computers and confirm actions without password just by using authentication factors

AApplication entry point is a map screen with the phone's current location and list of active sessions. In case of no active sessions, QR scanner is started automatically.

Main Application Menu:

History - detailed list of all authenticated sessions

Scanner - scanner for all supported QRs (login, register, …)

Settings - list of all registered companies (identities) with appropriate actions.

Session termination (lock/logout)

Excalibur always shows you all your active sessions and enables you to lock / logout them even if you are away from the computer

For the lock/logout just:

  1. Choose the session from session list
  2. Click on button
  3. Select “Lock” or “Logout”

For the unlock/logout just:

  1. Choose the session from session list
  2. Click on button
  3. Select “Unlock” or “Logout”

Info

Unlock option is only available at the location of last performed login. In case that User changed location, he / she has to scan the QR code again to be able to log in.

Sessions history

Excalibur lets you inspect your session history

  1. Click on the Session History button on the left side of bottom panel
  2. Scroll through your session history or change the month
  3. Select specific session to see it on map and see session details

Reset PIN

When you want to change your PIN code simply:

  1. Click on application settings
  2. Click on “Reset PIN”
  3. Confirm by providing required authentication factors (allow Location, PIN, fingerprint, Face ID)
  4. Enter your new PIN code

Warning

In case of multiple accounts the Reset PIN for all accounts is needed. After first Reset PIN, the token asks you to Reset PIN for another account. Please provide the same PIN. If another Reset PIN is cancelled, token informs you about unequal PIN code.

Show password

Excalibur application provides to display your password on your registered phone. This option can be enabled or disabled by company's security policies.

  1. Click on application settings
  2. Click on your company
  3. Click on your account
  4. Select “Show password”
  5. Provide authentication factors

Home locations

To allow work from home scenarios it is possible to set home locations for login to PC Client or Dashboard.

Info

By default, Security policy does not allow Set location.

Info

Since version 3.4.13, the token uses native maps from device.

Add Locations

  1. Click on application settings        
  2. Select “Home geofences”.
  3. Search your address using “Search address” bar, search result will be displayed on the map.
  4. Tap on selected place and confirm by “Add geofence”.
  5. Provide required factors

Remove Locations

  1. Navigate to “Home geofences”.
  2. Select the location which you want to delete and click on it.
  3. For confirm click on “Remove geofence”

Attention

If a company's policy limits the number of defined Home geofences and the user tries to define more than allowed, a warning will be displayed.

Info

Provisioning of location /GPS/ have to be enabled to set Home location. If it is disabled then the app asks you to enable it. If you deny permission, the alert dialogue shows up.

Report a problem

If you have any problem with Excalibur application, you have an option to send report with problem

  1. Click on application settings button
  2. Scroll screen
  3. Click on “Report a problem”
  4. Type  your email if you want to be contacted by developer
  5. Describe your problem and send a report with “Send” button at the right top.
  6. To send a report, "Usage & Diagnostics" has to be enabled. If not, application asks you to allow it.

Usage & Diagnostics

If some error occurred, the application allows to send Token's logs to the vendor.

  1. Click on application settings button
  2. Click on "Usage & Diagnostics" and enable it

App Theme

Since version 3.4.8, Excalibur application provides an option to set the theme of the Token. By default, the token has preseted theme by device mode (Light/Dark). If you wish to set different theme, select Light/Dark theme.

  1. Click on application settings
  2. Click on "App Theme".
  3. Select required theme.

Run on background & Vibration

Excalibur application provides option to disable / enable Run on background and Vibrations.

Info

Since versions 3.4.8 these settings are disabled by default.

Run on background

  1. Click on application settings
  2. Click on “Background running” button
  3. Click on Disable

Vibrations

  1. Click on application settings
  2. Click on “Vibration” button

Info

Run on background improves better app speed when launches. App doesn’t collect any data on background.

Termination of App

To close application follow steps:

  1. Click on application settings and scroll down.
  2. Click on “Exit App” button.
  3. Confirm Exit.

Detection of mock location

When Excalibur detects mock location the app shows an information dialogue on the main screen as well as on each action screen when factors are checked. Following functionalities are limited:

  1. Users can not see their own position on the map.
  2. Set Home location is blocked.

Warning

While you see this information dialogue, check your device please.

Detection of rooted devices

When the device is rooted or its integrity is changed, the app shows an information dialogue. In this case the app restricts the map services such as set Home location from the Token, and user can not see its actual position on the map. Other functionalities are enabled.

Warning

While you see this information dialogue, check your device please. Your data may be corrupted!!

About app

Since version 3.4.2 the app shows information about app and libraries of third parties which are used.

  1. Click on application settings and scroll down
  2. Click on “About App” button

Verifying co-workers

When you need to verify your co-worker e.g. in case of PIN reset or login:

  1. Scan the QR code generated by your co-worker
  2. Verify his identity, executed action and click “Verify”
  3. Confirm by providing required authentication factors (PIN, fingerprint, Face ID) PIN verification was successful.

Info

Peer verification

Peer verification is a special type of action when two peers confirm the action of their colleague and can be used for each action of Excalibur.

For more information about Peer verification, please see following documentation:

User Dashboard Manual

Security Policy Management

Roles Description

Peer verification in Tokenless case

Help

Tutorial

After successful first registration, the tutorial shows up. It provides a quick guide where to find Scanner, Lock/Unlock session, Sesion history and Settings. Tutorial is closed when all steps are done or by clicking on the X button. If the user closes the tutorial on any step, the tutorial shows up again after successful action.

How to enable camera

App asks a permission to allow access to camera after first launch. It is necessary to allow it due ability to scan the registration or login QR. In case that you tismiss this permision, and you wish to enable camera, close application and launch it again. App will ask you to allow use the camera. Possibly you may allow camera in device settings.

How to enable provisioning of location

Provisioning of location serves to better experience with Excalibur /token shows your position on the map, policy may require specific location for action/. App asks you to enable provisioning of location during registration proccess /or another action/. If security policy requires to enable provisioning of location, allow it. While provisioning of location is denied and you to enable it, click on Location services are required button and allow permission. Possibly you may allow location in device settings.

Learn more button

This button is shown on the scanner screen or on the screen when action is timeouted or blocked. By clicking on Learn more button, you can find an explanation about Login or why the action has not been successful and how to resolve a problem. If the problem still persists, please contact your administrator.

Scanner:

Timeouted action:

Blocked action:

Unsuccessful offline login

For OTP login to the computer is necessary to execute the first online login. During this procedure, the table with OTP codes is generated. If the first online login was successful and the problem still persists, it may indicate a problem with network connection. If not, please contact your administrator.

Attention

Offline login to the Excalibur Dashboard is impossible.

Corrupted registration

Company can have multiple Excalibur environments /DEVEL, INT, PRODUCTION etc./. For each environment is necessary to use a unique certificate. In case that company uses the same certificate for all environments, the Corrupted registration alert will shown on token after scanning of registration QR. If the token shows this alert, proceed with registration again. Data on your token were deleted. If a problem with registration persists, contact your administrator

Token update

If a new version of Excalibur token is released, and you launch the token then you will be informed about a new update. To update an application, click on Update button, following you will be redirected to the store from where the token can be updated.

Problem detected

This dialogue is shown while your attempts for action are unsuccessful. It may indicate a network connection problem. By clicking on the Exit button, the app will be killed. Then launch the app and try your attempt again.

Biometry has been changed

When biometry on iOS device has been changed, Excalibur token detects it and asks a user to Reset PIN. Then biometry will be initialized. If initialization of biometry failed, it can indicate problem with security enclave on the device.

Delete Account

Excalibur allows to delete account from the user's token. User can delete account on two places.

  1. In Settings - Touch long with finger on account, dialogue to delete account shows up.
  2. In User detail - Touch long with finger on account, dialogue to delete account shows up.

In both cases confirm action, and the account will be deleted.

Password not shown

When password has been reseted, the token is unable to show password, until the insertion of new the password into Excalibur client as is described in Static password chapter. If you do not to know a new password, ask your administrator to provide a new password.

Further documentation

Excalibur User Dashboard Manual

EXC USER README EN

Excalibur FAQ