New enhancement on lost mode procedure - complete guide
This document explains in detail all aspects of the lost mode mechanism.
Why Do We Need Lost Mode?
Imagine you rely on Veridium Authentication to securely access your online banking or work systems. This system involves multiple components, such as the Veridium server and different devices: your mobile phone, SMS for verification, or a FIDO security key.
Now, let's say you're on a trip and suddenly realize you've lost your phone. It’s a terrible feeling, right? But it gets worse—you can’t access any of your secure systems because your phone was your primary authentication device. Without it, you’re locked out of your bank account, unable to check your work emails, and essentially cut off from important services.
This is where Lost Mode comes in.
A Real-Life Example
Let’s say Sarah is on vacation and misplaces her mobile phone. Her phone was set up with Veridium’s authentication, and now she can't log in to her work's secure system. Since her work uses Veridium to ensure only authorized people can access sensitive data, she’s stuck—unless there's a backup plan.
With Lost Mode, Sarah can still gain access. Even though she lost her phone, she can authenticate herself using an alternative method provided by Lost Mode. For example, she might receive a one-time passcode via email or use a different pre-registered device to verify her identity. This temporary solution ensures that Sarah isn’t completely locked out of her systems, allowing her to continue her work or manage her accounts securely.
Why It’s Important
Lost Mode is essential because it provides a safety net for users who find themselves in situations like Sarah’s. It ensures that even if you lose access to your primary authentication device, you’re not entirely stranded. Instead, you have a reliable backup option to regain access to critical systems quickly and securely, ensuring you can carry on with your day-to-day activities without a hitch.
In short, Lost Mode is about giving users peace of mind. Even if something goes wrong, like losing your phone, you know there's a backup plan in place to keep you connected and secure.
Functionality
For the Windows part, please follow the sections Lost Mode and Lost Mode - authentication.
Activating Lost Mode
When a user loses access to the mobile phone or the application, they should reach out to the help desk. After the help desk staff validate the user and confirm that he/she is enrolled in the system, they may ask specific questions, such as whether access was lost because the device has no battery power or because the device itself was lost. Depending on how long the user will be unable to use his/her mobile phone, the staff create a code that can be used for a specific period of time (for example 1 hour, 8 hours or a custom duration). That code is given to the user verbally, by SMS or by email. On each identity, the option to activate lost mode can be found in the right side menu panel.
The action opens a pop-up for setting the device on which lost mode should be applied, the duration of the lost mode, a description, the delivery type and the type of the lost mode.
a. Devices selection
Choose the device on which you want to activate Lost Mode. It can only be an authenticator that is already enrolled and is lost/forgotten/unavailable, for example a phone device, SMS or a FIDO device.
b. Duration
Number of hours during which Lost Mode is active. The user can use the authentication code only while lost mode is active. The hours can be modified in the lost mode settings, and a custom duration can be added, such as 0.016, which represents 1 minute and means that the lost mode code will be valid for 1 minute.
c. Delivery type
The channel used to send the code to the user:
VERBAL indicates that the authentication code will be displayed in Admin, and will be communicated to the user verbally.
SMS indicates that the authentication code will be received in an SMS on the user's phone number (from the directory service or the custom one set by the user).
EMAIL indicates that the authentication code will be received via an EMAIL (on the user's email address from the directory service, or any other email address that can be accessed by the user).
If VERBAL is chosen and lost mode is activated, the code is displayed in the UI and ready to be copied.
The VERBAL code is displayed only once after activating lost mode for a device. Please be careful to copy this code safely and use it when necessary.
d. Lost mode type
This represents the type of the Lost mode, which can be temporary or permanent. For the permanent type, the device remains blocked after the LOST MODE code expires, and the user needs to take additional action to remove the device.
The lost mode scheduler will not be able to auto revoke the code if the type is permanent.
After lost mode is active for a specific device, there is visual feedback showing which devices it was applied to, the time when the code expires, whether the scheduler for auto-revoking codes is active, and whether the scheduler can revoke the codes (relevant for the PERMANENT type of lost mode).
For example, when trying to authenticate in SSP, the option to use the lost mode code that was provided via SMS, EMAIL or VERBAL (displayed in the UI) is shown.
Deactivating lost mode
For deactivating lost mode, there are 2 options: from the right side menu or from the yellow banner.
Lost mode configuration settings
Lost mode has a dedicated page for configuring different aspects, such as:
code length → it should be between 6-8 digits
duration
message body
delivery type → choose between SMS, EMAIL or VERBAL
integration id → Integration external ID in which the integration lost mode profile will be used, e.g. AD
This page can be reached via Orchestrator → Methods → LOST_MODE or from the identity page.
Lost mode auto revoke scheduler configuration
A job scheduler is implemented that scans the lost mode table with a configurable frequency; for the devices it detects that have met the time criteria (lost mode duration expired), it reactivates them.
For easier translation of the cron format into human-readable form and for syntax validation, a CRON parser can be used. The setting can be found in the General tab.
The scheduler action is applied only to lost mode codes of type Temporary.
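The activation settings described in a-d above and the auto revoke scheduler pass, modelled in Python as an added example that is not Veridium's own code; the class and function names and the seconds-based clock are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

# Added example, not Veridium's code: models the lost mode settings from this
# guide (6-8 digit code, duration in hours, delivery type, temporary/permanent)
# and the scheduler pass. Names and the seconds-based clock are assumptions.
DELIVERY_TYPES = {"VERBAL", "SMS", "EMAIL"}

def generate_code(length: int = 6) -> str:
    """Numeric one-time code; the settings page allows 6-8 digits."""
    if not 6 <= length <= 8:
        raise ValueError("code length must be between 6 and 8 digits")
    return "".join(str(secrets.randbelow(10)) for _ in range(length))

@dataclass
class LostModeEntry:
    device: str            # enrolled authenticator: phone, SMS or FIDO
    duration_hours: float  # e.g. 0.016 is roughly one minute
    delivery: str
    permanent: bool
    activated_at: float    # seconds since epoch (constructed clock)
    code: str
    code_shown: bool = False  # VERBAL code is displayed only once

    @property
    def expires_at(self) -> float:
        return self.activated_at + self.duration_hours * 3600
    def code_valid(self, now: float) -> bool:
        return now < self.expires_at

def activate(device, duration_hours, delivery, permanent, now, code_length=6):
    """Help desk action: create the lost mode entry and its code."""
    if delivery not in DELIVERY_TYPES:
        raise ValueError(f"unknown delivery type {delivery!r}")
    return LostModeEntry(device, duration_hours, delivery, permanent, now,
                         generate_code(code_length))

def reveal_verbal_code(entry: LostModeEntry):
    """Return the VERBAL code the first time only; None afterwards."""
    if entry.delivery != "VERBAL" or entry.code_shown:
        return None
    entry.code_shown = True
    return entry.code

def revoke_expired(table: list, now: float) -> list:
    """Scheduler pass: reactivate expired TEMPORARY entries; PERMANENT stay blocked."""
    done = [e for e in table if not e.permanent and now >= e.expires_at]
    for e in done:
        table.remove(e)
    return [e.device for e in done]
```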