Skip to main content

Performing a Service Sanity Check

The following procedure explains how to check if your Authentication Cloud service and your branded Access App are functioning properly. This can come handy in situation when troubleshooting for end-user queries or general service availability issues. The decision diagram in Figure 1 helps to test systematically and find the root cause of the problem quickly. The system diagram in Figure 2 illustrates what systems are tested. The red labels correspond between the diagrams and the test procedures below.

Troubleshoot general service availability issuesSystems checked in the service sanity check
  1. Check service probe URL.
  2. Check for network / connection issues.
  3. Check the enrollment service.
  4. Check the login and approval service.

Prerequisites

To perform the sanity check, you need to have mobile phones dedicated for testing purposes ready. Make sure that the latest version of your Nevis Access App is installed on your test device, and that they are prepared for a new registration. At the end of this page you find instructions how to reset the authenticator app if needed.

In this document you need access to URLs and an Access Key that are individual to your environment. We refer in the instructions below to these URLs by its name as indicated in Table 1. The URLs are formed with the name of your environment URL that is used as <instance>.

For example: in https://sandbox-int-6c.mauth.nevis.cloud/test.html the part sandbox-int-6c is your <instance>. You need the following URLs to run the sanity check:

URL NameURLPurpose
Test and debug application URLhttps://<instance>.mauth.nevis.cloud/test.htmlTo test enrollment, login and approval functionality. You can access this from your management console.
Authentication Cloud Console URLhttps://portal.nevis.net/authcloud/<instance>/overviewTo get the Access key for the test page to work. You can access this from your Nevis Portal.

The Access Key has to be retrieved from the Nevis management console with the following steps:

note

You only need to do these steps once to get your credentials for the testing page.

  1. Log into your Nevis Management Console. You can access this from your Nevis Portal.
  2. Click Custom Integrations.
  3. Click on the Add custom integration button.
  4. Set the Integration name to Health Check.
  5. Set the Domain URL to https://<instance>.mauth.nevis.cloud/test.html.
  6. Copy the Access Key and note it down in a safe place, preferably in your support help system.
  7. Click Next and Done to complete the process.
  8. For more instructions how to use the Management Console you can watch the full screencast here.
Setting up your user support team
  • Make sure only authorized personnel can use this Access Key as it gives complete access to your Auth Cloud instance.
  • Have these URLs, the Access Key, and the steps below printed / added to your user support help system so your engineers have ready access to your specific pages.
  • Have two mobile phones dedicated for testing. An iPhone and an Android device should be available for customer support engineers in order to reproduce customer issues before reporting them.

Check Access Key validation

Checking Access Key validation allws you to see if the cloud service is available. This check refers to label 1 and 2 in the figures above.

  1. Open the Test and debug application URL in a browser, to confirm that the service is available.
  2. At the bottom, under Token Validation, enter an Access Key if you have one. Otherwise, you may also enter any arbitrary text.
  3. Click Validate.
  4. If there is a response, the service is up and running.

Test enrollment and approval

Add the Access Key

If this is the first time you visit the page, you need to add the Access Key. Otherwise it might be already there from a prior test, so you only need to perform the last step below.

  1. In a browser, open the Test and debug application URL.
  2. Under Setup and Tokens, check that the URL is your instance URL.
  3. Under Access Token, paste the Access Key you retrieved from the Management Console (see Prerequisites).
  4. Click Check + Continue.

Check the enrollment service functionality on the test.html page

This check refers to label 3 in the figures above.

  1. In your browser, on the test.html page, under Enroll a new authenticator, enter a username of your choice, such as Erika1021Test.
  2. Click the Enroll button. A QR code is displayed.
  3. On your mobile device, open your Access App.
  4. Tap Continue in your app.
  5. Scan the QR code with your App.
  6. Select your authentication method, either a PIN or a biometric method.
  7. Authenticate the registration on your device.
If the enrollment service works,
  • The device displays a notification that the registration was successful.
  • The test.html page, under Enroll a new authenticator, the last JSON response field displays a JWT payload that has "status": "succeeded".
  • If registration was successful, you also need to test if transaction approval also works as expected. Go on to the next step to do so.

In all other cases, please create an incident report. In your ticket, report the exact steps to reproduce the issue, including the username you used, the timestamps, the returned responses as well as the app version used.

Check the transaction approval functionality on the test.html page

This check refers to label 4 in the figures above.

  1. In your browser, on the test.html page, under Sign an approval, the username will be prefilled with the username you used for registration previously, such as Erika1021Test.
  2. In the Message field, enter a test message, shorter than 200 characters.
  3. Choose the approval method that your customers use.
  4. Select the Prompt user for confirmation of message checkbox.
  5. Click the Send approval button. Either the message is pushed to your phone or a QR code is displayed.
  6. On your mobile device, tap on the notification to open your Access App.
  7. Approve the push message or scan the QR code with your App.
  8. Select your authentication method, either a PIN or a biometric method.
  9. Authenticate the transaction on your device.
If the transaction approval service works,
  • The device displays a notification that the authentication was successful.
  • The test.html page, under the Sign an approval section, the last JSON response field displays a JWT payload that has "status": "succeeded".
  • Verify and fix the problem directly with the end user.

In all other cases, please create an incident report. In your ticket, report the exact steps to reproduce the issue, including the username you used, the timestamps, the returned responses as well as the app version used.

Resetting your mobile device

Resetting your device at the end of the day

At the end of the day, you can reset your application to clear out any test user data from it. This enables other support engineers to perform these tests without any delays.

To reset your Access App,

  1. Click the settings icon.
  2. Under Authenticator settings, tap Deactivate.
  3. Confirm Deactivation.
  4. Close the notification once the deactivation was successful.
  5. You may also remove the user from your Auth Cloud management console, by deleting it from the list of Users.