Versions Compared

Version Old Version 21 New Version Current
Changes made by

ajmankey

ajmankey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top
top

The MOST common 'Boilerkey call/issue' of late are due to the user getting a new device.

...

"I got a new phone, and my Boilerkey stopped working."
"I factory reset my device, and now Boilerkey isn't working."
"Duo Mobile says Purdue University : Reconnect."
"The 'Issues with your Boilerkey?' link told me to contact ITaP."
"I need a activation/bar/QR code for DuoMobile/Boilerkey."

A this point we have 3 2 courses of action to resolve the issue.

A.) Instruct the user how to use their Boilerkey Self-Recovery Tool to set up their new device (assuming they enabled it)
BC.) Remove all of the user's devices from their account, and use the "White 'Authentication Failed' screen" to get them into device setup.
C.) Issue a bypass code, enable SRT (Self-Issue a bypass code, enable SRT (Self-Recovery Tool), set up their new device.

In an ideal world, everyone would have their SRT set up and know how to use it, and we would never need to help anyone when they get a new device. However, SRT isn't a required part of the Boilerkey setup process, so usually they don't have it setup. Or if they do... they don't know how to use it.

NOTE: By this point, they've already contacted us about their new device issue, can't change that. My goal though, is to do my best to make sure that next time... they don't need to call. For that reason, when 'Option A' doesn't work, I prefer 'Option C' rather than 'Option B.'

Anchor
OptionA
OptionA


Panel
borderColorgreen
titleColorGoldgreen
borderWidth2
titleBGColortanpalegreen
borderStylesolid
titleNew Device Activation : Option A - Using the Boilerkey Self-Recovery Tool
  1. Once someone has identified themselves as having a new device, and Boilerkey is no longer working... ask them if they have already enabled their "Boilerkey Self-Recovery Tool" 
    1. "No" - Skip to option B or C
    2. "I don't know" - Usually means they haven't... follow along to find out, or assume they don't have it enabled (usually the latter) and skip to option C now
    3. "Yes" - Continue to follow along below
  2. Direct them to purdue.edu/boilerkey
  3. Click on the link BELOW the login prompt manage button that says "Issues with your Boilerkey?says "Self-Recovery"
  4. Have them fill out all three fields and click "Continue"
  5. One of two things will happen:
    1. They'll get  a text message on their phone and be prompted to input the code into the next web page in the browser
    2. They'll be prompted to contact ITaP - Their self-recovery tool isn't enabled,  skip to option B or C
  6. Enter the code received into the next page
  7. Once logged in, click on the option at the top to "Set up Replace a new Duo Mobile Boilerkey"
    1. Step 0: On screen, they'll see their previous device listed with an option to replace. Assuming they're not still using it, click on the device and select replace.
    2. Step 1: Make sure that they have the app installed
      1. Notifications SHOULD be enabled
    3. Step 2: Confirm their PIN
    4. Step 3: Device ManagementRemove any existing on the new phone
      1. Remove any existing "Purdue University" keys on the device, they 'll probably key will say 'Reconnect' next to it
        1. iPhones : Tap  Tap 'Edit' in top left corner, and the red icon or the 3 dots in the upper right of the key, and then delete option to remove the key/account from this device
        2. Andriod : Press & Hold on "Purdue University" to remove the key/account
        3. Others : Try both of the above methods?
        On the computer, they'll probably see their previous device listed with an option to remove. Assuming they're not still using it, remove the device. (It will just clutter things up)
        1.  
      2. Notifications SHOULD be enabled
    5. Step 2: Confirm their PIN
    6. Step 3: Device Management
      1. Have them enter in a new Device Name, it SHOULD be the model of the phone, iPhone8, GalaxyS7, etc (no spaces, no special characters)
    7. Step 4: Activate  Register the new device via scanning or link
      1. Option 1 : Registering a new device using a computer and your device camera
        1. Tap the "Get started" or "Add account" option on the Duo Mobile App
        2. The app needs to access their camera so that it can scan the appcode, so allow it if prompted
        3. Point the camera at the QR code on screen in order to scan it
        4. "Purdue University" with a dropdown arrow and a 6 digit code should appear
      2. Option 2 : Registering a device, using itselffrom it's own web browser
        1. If the user is completing the registration process on the device itself,
        2. On Step 4, click the "Option 2" link below the QR code, and follow the on screen directions
    8. Step 5: Testing your device activation
      1. The username will just be their regular Career Account Username
      2. The "Boilerkey Passphrase" will be either:
        1. PIN#, comma, 'push' (####,push)
          1. In this case they'll need to tap the "Approve" option on the notification that their phone receives WITHIN 15 seconds of clicking the "Test Boilerkey Authentication" button.
        2. PIN#, comma, 6-DIGIT-CODE (####,######)
          1. The code will come from the DuoMobile app (tap the dropdown arrow next to Purdue University)
          2. You MUST tap the refresh icon EVERY time BEFORE putting the code into the login prompt
          3. There are no spaces in the Passphrase or Code
          4. Some phones show the Refresh icon as a key and needs to be 'toggled' for a new code
      3. This Login page works like any other CAS login or test page, and can be troubleshooted in the same way
        NOTE: If they got the phone notification, but the we page said "Sorry, this is not the correct Boilerkey passphrase" It's lying... they just took too long to approve, try again.
    9. Step 6: The setup process is complete, their new device is setup for Boilerkey Authentication

Anchor
OptionBOptionCOptionB
OptionC


NOTE: This is the same steps you would take for a user who has never attempted to set up Boilerkey before, but currently is required to use Boilerkey for CAS logins. 

NOTE: Casey is going to hate me for this, but this is not my preferred method for registering a new device, it's up to you, but I prefer Option C myself.

  • Using this method, if you're on a Step for more than like 40 seconds, it will log you out.
  • Using option C, I can get them to enable their Self-Recovery Tool FIRST, then go set up the new device.
  • Using option C, I can teach them some self reliance by walking them through the process of removing a device and adding a new one rather than doing it for them.
    • HOWEVER.... this option is faster...
    1. The user has identified themselves as recently getting a new device, and not able to use their Boilerkey
    2. They either haven't set up their Self-Recovery Tool, or don't know if they have
    3. Do a Purdue Person Search (PPS) Identity Verification
      1. PUID
      2. Username/Alias
      3. Date of Birth (DOB)
      4. Address on Record
      5. First & Last Name
    4. If they have not already done so, have them install Duo Mobile on their new device (the one with the GREEN icon)
    5. Confirm that the app does not have any existing (broken) keys on the device, they'll probably say 'Reconnect' next to it
      1. iPhones : Tap 'Edit' in top left corner, and the red icon to remove the key/account
      2. Andriod : Press & Hold on "Purdue University" to remove the key/account
      3. Others : Try both of the above methods?
    6. Direct them to purdue.edu/boilerkey
    7. Access the User's Boilerkey Profile Page
      1. Go to your own Boilerkey homepage, purdue.edu/boilerkey
      2. Click the link at the bottom "Manage customer BoilerKey"
      3. Put their username in the search field
      4. Remove all devices from their Boilerkey Profile
        1. You should see only one device listed, click the remove option
        2. If you see multiple devices, you should confirm you're only removing ones not in use
        3. If any listed devices say "No, blah blah blah..." under "Ready for use", they are broken, and should likely also be removed
        4. If they have any tokens listed... do NOT remove their tokens. You'll need to divert to Option C below, this method only works if you remove ALL devices (tokens count as devices)
      5. Once all devices are removed, proceed
    8. Have the user log into using their Career Account Username/Alias and Career Account password
    9. They SHOULD arrive on a WHITE screen that says "AUTHENTICATION FAILED you are required to use Boilerkey"
    10. Have them click on the button to 'Set up Boilerkey"
      1. From here on out, they will only have ~40 seconds per page or they will be logged out, and will have to start over
    11. It will prompt them for their username and password again.
    12. Click the button to "Create a Duo Mobile Boilerkey"
    13. They should arrive on Step 1 of 6,
      1. Step 1: Make sure that they have the app installed
        1. Notifications SHOULD be enabled
      2. Step 2: Confirm their PIN
      3. Step 3: Device Management
        1. Have them enter in a new Device Name, it SHOULD be the model of the phone, iPhone8, GalaxyS7, etc (no spaces)
      4. Step 4: Activate the device via scanning or link
        1. Option 1 : Registering a new device using a computer
          1. Tap the "Get started" or "Add account" option on the Duo Mobile App
          2. The app needs to access their camera so that it can scan the app
          3. Point the camera at the QR code on screen in order to scan it
          4. "Purdue University" with a dropdown arrow and a 6 digit code should appear
        2. Option 2 : Registering a device, using itself
          1. If the user is completing the registration process on the device itself,
          2. On Step 4, click the "Option 2" link below the QR code, and follow the on screen directions
      5. Step 5: Testing your device activation
        1. The username will just be their regular Career Account Username
        2. The "Boilerkey Passphrase" will be either:
          1. PIN#, comma, 'push' (####,push)
            1. In this case they'll need to tap the "Approve" option on the notification that their phone receives WITHIN 15 seconds of clicking the "Test Boilerkey Authentication" button.
          2. PIN#, comma, 6-DIGIT-CODE (####,######)
            1. The code will come from the DuoMobile app (tap the dropdown arrow next to Purdue University)
            2. You MUST tap the refresh icon EVERY time BEFORE putting the code into the login prompt
            3. There are no spaces in the Passphrase or Code
            4. Some phones show the Refresh icon as a key and needs to be 'toggled' for a new code
        3. This Login page works like any other CAS login or test page, and can be troubleshooted in the same way
      6. Step 6: The setup process is complete, their new device is setup for Boilerkey Authentication, continue below
    14. Since they haven't already enabled their Self-Recovery Tool, they should do so now
      1. Direct them back to the Boilerkey homepage, purdue.edu/boilerkey
      2. Next to the ambulance icon, they should click "Enable BoilerKey Self-Recovery via text messaging"
      3. Enter their cellphone number and send a verification code via text
      4. Enter the code received into the next page
    15. In the future, they can use the Self-Recovery Tool to set up a new device
      1. The Self-Recovery Tool is allows a user to access a stripped down version of the Boilerkey homepage
      2. The tool is accessed by clicking the "Issues with your Boilerkey?" link below the normal login prompt
    Panel
    borderColorGoldmagenta
    titleColormagenta
    borderWidth2
    titleBGColortanpink
    borderStylesolid
    titleNew Device Activation : Option B - "Bypass Mode" and the "White 'Authentication Failed' screen"

    ...

    NOTE: This is approximately the same steps you would take for a user who has never attempted to set up Boilerkey before
    Panel
    borderColorgold
    borderWidth2
    titleBGColortan
    borderStylesolid
    titleNew Device Activation : Option C - Bypass code and Self-Recovery Tool Setup
    'Device Purge method using the White Auth Failed Page'

    NOTE: The process formerly known as "Option B" has been removed as it has proven to be unstable and buggy, causing issues on both the user side and the admin side. It relied on a function of Boilerkey that was only implemented as a temporary fix during the initial Boilerkey rollout, and was not intended for continued use, hence... unstable and buggy... Please use Option C below.

    Anchor
    OptionC
    OptionC


    Panel
    borderColorgreen
    titleColorgreen
    borderWidth2
    titleBGColorpalegreen
    borderStylesolid
    titleNew Device Activation : Option C - Bypass code and Self-Recovery Tool Setup

    NOTE: This is approximately the same steps you would take for a user who has never attempted to set up Boilerkey before, and they're NOT currently required to use Boilerkey for CAS logins. They would just use their career account password to log in initially instead of PIN#,9-DIGIT-BYPASS

    NOTE: This is the preferred method for setting up a new device, as it doesn't have a timeout on pages, it enables SRT, and shows them how to set up their new devices in the future.

    • Using this method, you can take as much time as needed for each step, with some users, this is important.
    • Using this option, you can get them to enable their Self-Recovery Tool FIRST, then go set up the new device, hopefully reducing future calls.
    • Using this option, you can teach the user some self reliance by walking them through the process of removing a device and adding a new one rather than doing it for them.
    • HOWEVER.... this option is slower... but if it reduces future calls... kind of worth it.

    1. The user has identified themselves as recently getting a new device, or an issue with their device, and not able to use their Boilerkey
    2. They either haven't set up their Self-Recovery Tool, or don't know if they have (assume they haven't if they're not sure)
    3. YOU will need to do a Purdue Person Search (PPS) Identity Verification
      NOTE: October 2019, only 3 of the 5 data points are required. Bolded ones are preferred.
      1. PUID
      2. Username/Alias
      3. Date of Birth (DOB)
      4. Address on Record
      5. First & Last Name
    4. Direct them to open purdue.edu/boilerkey in a browser (computer PREFERRED... but not REQUIRED)
    5. YOU will need to access YOUR Boilerkey page
      1. Go to purdue.edu/boilerkey
      2. Click the "Manage" button in the middle with the gears
      3. Click the link near the bottom "Issue Duo Bypass codes to customers"
      4. Put in their PUID & username, and check the checkbox
      5. You'll receive a 9-DIGIT-BYPASS code (server generated pass codes can be identified by their 9 digit nature)
    6. If they're not already there, direct them to open purdue.edu/boilerkey in a browser (computer PREFERRED... but not REQUIRED)
      1. DO NOT have them click on it, but draw their attention to the "Self-Recovery" button below the "Manage" button, we will refer back to it later.
      2. Have them click the "Manage" button in the middle with the gears
    7. They will be at a CAS login prompt, have them log in with their username,
      1. Their input for password should be of the form PIN#,PIN#,9-DIGIT-BYPASS (####,#########)
        NOTE: If their PIN has been reset at some point, (can be checked on Catbert), they should instead use the form Career-Account-Password, a comma, 9-DIGIT-BYPASS (####,#########)
        NOTE: If their PIN has been reset at some point, can be checked on Catbert, they should instead use the form Career-Account-Password, a comma, 9-DIGIT-BYPASS (PW,#########)
      Once logged in, direct them to set up their Self-Recovery Tool setup
    8. Next to the ambulance icon, they should click "Enable BoilerKey Self-Recovery via text messaging"
    9. Enter their cellphone number and send a verification code via text
    10. Enter the code received into the next page
      NOTE: There have been some issues lately where this fails, about 80% of the time it works the second time, if it still doesn't work by the third time skip this step and send the ticket to ITAP_IDENTITIY_MGMT
      Check the 'Potential Problem ?" checkbox and document the reason for escalating.
      11. They should get the message "The changes to your cell phone settings have been saved"
      In the future, they can use the Self-Recovery Tool to set up a new device
    11. The Self-Recovery Tool is allows a user to access a stripped down version of the Boilerkey homepage
    12. Explain to them how the tool is accessed by clicking the "Self-Recovery" button back on the Boilerkey landing page
      13. The Self-Recovery Tool setup should have opened in a new tab, if they close out of it, they should be back on the Boilerkey homepage
      Once they're back on the Boilerkey homepage,
      1. Tell them that this is the EXACT process that they will use in the future to set up a new device (once they've authenticated with SRT)
      2. Have them click on the option at the top to "Set up a new Duo Mobile Boilerkey" (next to the green square Duo icon)PW,#########)
    13. Once logged in, direct them to set up their Self-Recovery Tool setup
      1. Next to the ambulance icon, they should click "Enable BoilerKey Self-Recovery via text messaging"
      2. Enter their cellphone number and send a verification code via text
      3. Enter the code received into the next page
        NOTE: There have been some issues lately where this fails, about 80% of the time it works the second time, if it still doesn't work by the third time skip this step and send the ticket to ITAP_IDENTITIY_MGMT
        Check the 'Potential Problem ?" checkbox and document the reason for escalating.
      4. Once the code is accepted, they should get the message "The changes to your cell phone settings have been saved"
    14. In the future, they can use the Self-Recovery Tool to set up a new device
      1. The Self-Recovery Tool is allows a user to access a stripped down version of the Boilerkey homepage
      2. Explain to them how the tool is accessed by clicking the "Self-Recovery" button back on the Boilerkey landing page
      3. Have them go back to the Boilerkey home page by clicking the "Boilerkey Self-Serve" under the black bar at the top of the page.
    15. Setting up the new device
      1. Tell them that this is the EXACT process that they will use in the future to set up a new device (once they've authenticated with SRT)
      2. Have them click on the option at the top to "Replace a new Duo Mobile Boilerkey" (next to the green square Duo icon)
      3. Step 0: On screen, they'll see their previous device listed with an option to replace. Assuming they're not still using it, click on the device and select replace.
        NOTE: If they are NOT replacing a device outright, on the Boilerkey homepage use the "Add or Remove your Duo Mobile BoilerKeys" to just add a new device outright instead.
      4. Step 1: Make sure that they have the Duo Mobile app installed on their new device (GREEN icon, not the BLUE one)
        1. If it prompts for it, notifications SHOULD be enabled
      5. Step 2: Confirm their PIN
      6. Step 3: Device Managementthe new phone
        1. Remove any existing "Purdue University" keys on the device, they 'll probably key will say 'Reconnect' next to it
          1. iPhones : Tap  Tap 'Edit' in top left corner, and the red icon , or the 3 dots in the upper right of the key, and then delete option to remove the key/account from this device
          2. AndroidAndriod : Press & Hold on "Purdue University" to remove the key/account
          3. Others : Try both of the above methods?
          On the computer, they'll probably see their previous device listed with an option to remove. Assuming they're not still using it, remove the device. (It will just clutter things up)
          1.  
        2. Notifications SHOULD be enabled
      7. Step 2: Confirm their PIN
      8. Step 3: Device Management
        1. Have them enter in a new Device Name, it SHOULD be the model of the phone, iPhone11plusiPhone8, GalaxyS7, etc (no spaces, no special characters)
      9. Step 4: Activate  Register the new device via scanning or link
        1. Option 1 : Registering a new device using a computer and your device camera
          1. Tap the "Get started" or "Add account" option on the Duo Mobile App
          2. The app needs to access their camera so that it can scan the appcode, so allow it if prompted
          3. Point the camera at the QR code on screen in order to scan it
          4. It will briefly pop up a message about adding account
          5. Once added, "Purdue University" with a dropdown arrow and a 6 digit code should appear
        2. Option 2 : Registering a device, using itselffrom it's own web browser
          1. If the user is completing the registration process on the device itself,
          2. On Step 4, click the "Option 2" link below the QR code, and follow the on screen directions
          3. to open the link in the app
      10. Step 5: Testing your device activation
        1. The username will just be their regular Career Account Username
        2. The "Boilerkey Passphrase" will be either:
          1. PIN#, comma, 'push' (####,push)
            1. In this case they'll need to tap the "Approve" option on the notification that their phone receives WITHIN 15 seconds of clicking the "Test Boilerkey Authentication" button.
          2. PIN#, comma, 6-DIGIT-CODE (####,######)
            1. The code will come from the DuoMobile app (tap the dropdown arrow next to Purdue University)
            2. You MUST tap the refresh icon EVERY time BEFORE putting the code into the login prompt
        11. NOTE:
            1. There are no spaces in the Passphrase or Code
        12. NOTE:
            1. Some phones show the Refresh icon as a key and needs to be
        13. 'toggled' for a new codeIf a user fails to authenticate, only ONE error message is displayed in response "This is not the correct Boilerkey passphrase"
        It LIES, regardless of why it failed, this is always the message it displays,
            1. 'toggled' for a new code
        2. This Login page works like any other CAS login or
        14. test page, and can be troubleshooted in the same way
        1. test page, and can be troubleshooted in the same way
          NOTE: If they got the phone notification, but the we page said "Sorry, this is not the correct Boilerkey passphrase" It's lying... they just took too long to approve, try again.
      15. Step 6: The setup process is complete, their new device is setup for Boilerkey Authentication
    16. Send them on their way, and finalize your ticket for the call.
      NOTE: Ideally when you get off the phone with the user, your ticket should be ready to save. Try to work on it any time you're waiting on the user.
      NOTE: If the user mentioned at all that they already had an open ticket, locate it. If it is still open, update it and resolve it, otherwise, make a new ticket.
      1. Ticket header
        1. Title : "Boilerkey - New Device"
        2. Ticket Type : "Service Request"
        3. Submission Method : "Phone" or "Walk-in"
          NOTE: If this was an existing ticket, leave this as it was.
        4. Status : "Resolved" (assuming you resolved it)
        5. Resolution Code : "Completed Successfully" (assuming you did)
        6. Schedule Date : Set for 1 week, 7 days, from now
          NOTE: Do not EVER use the "Current date and time" checkbox, EVER!
      2. Contact Information Tab
        1. User ID: Fill in their username
        2. Press 'Enter' key to auto-fill the rest of the fields on this tab
      3. Issue Information Tab
        1. Category : "Security"
        2. Service : "Identity & Access Management"
        3. Service Offering : "Boilerkey"
        4. Another dropdown should appear when you select "Boilerkey",
          1. Assuming you followed the above process, you should Ctrl+Click to select AT LEAST:
            1. "Boilerkey-Bypass Code"
            2. "Boilerkey-New Device"
          2. If any other issues came up, you'll want to also select them, and elaborate in your tech notes
        5. Urgency : "Scheduled" (should auto-fill)
        6. Impact : "Minimal" (should ALWAYS be selected, Moderate is 40+ people)
        7. Tech Notes : Anything irregular about the call, anything of note. These are a pretty 'standard' call by this point, so usually left blank.
      4. Customer Note
        1. These are a pretty standard and frequent call by this point, you should probably have a Customer Note made up for just this type of call.
        2. Consult with your Supervisor if you don't know how to make a note, or aren't sure what to include in it.
      5. Assignees and Notifications
        1. Assign the ticket,
          1. Using the dropdowns,
          2. Find your team,
          3. Find yourself within that team,
          4. Double-click to assign
        2. Check the "Contact" checkbox on the right so that the user receives your Customer Note
        3. If you feel like the call went well, or above average, check the "Send Survey to Customer" box also

    17. Save the ticket, prepare for your next customer

    Anchor
    customernote
    customernote

    Panel
    borderColorPurple
    titleColorpurple
    borderWidth2
    titleBGColorplum
    borderStylesolid
    titleQuick Note Contents

    Click here for a customer note to use on these types of tickets