
FAQs

Windows Login

General

1.1   Can I install GoTrust ID to login Windows for personal use?

No. GoTrust ID computer login functions in connection with a specific authentication server, which is installed on premises at the enterprise or in a cloud environment managed by the enterprise. If your company has an Azure AD environment, you can plug-n-play Idem Key on Azure AD managed Windows devices without building an authentication server.

1.2   Does GoTrust ID computer login support Linux OS, MacOS other than Windows?

GoTrust ID computer login can support Windows and MacOS, not Linux OS.

1.3   Does GoTrust ID support Windows Azure AD or Active Directory (AD) environment?

GoTrust ID supports Windows Azure AD, Active Directory (AD) or Hybrid environments.

1.4   Does GoTrust ID support local account without joining domain?

Yes, GoTrust ID can support local account.

1.5   Does GoTrust ID support offline login?

Yes, your phone will communicate via BLE automatically if the PC is offline. Besides the phone, the Idem Key security key is a recommended login method if internet connectivity is limited.

1.6   How can I login if phone is unavailable?

Users can log in using an Idem Key under various scenarios, or ask corporate administrators for a designated security code to complete login. Don’t worry, the security code from an administrator also supports offline login.

1.7   Is it possible to use the same authenticator for both online and offline login?

Yes, the phone and the Idem Key can both be used for online and offline login. The GoTrust ID phone app provides internet or BLE connection, and we manufacture our own USB security key, Idem Key, to provide a consistent user experience.

1.8   Does GoTrust ID support Windows 10 and Windows 11?

Yes, GoTrust ID supports Windows 10 version 1809 and above, and Windows 11.

1.9   Does GoTrust ID support Windows Server 2016 or 2019?

Yes, GoTrust ID supports Windows Server 2016 and 2019. In a Windows Server environment, the GoTrust ID phone authenticator does not support BLE communication; it must be connected to the internet.

1.10   Does GoTrust ID support Windows Vista, Windows XP, Windows 7, Windows Server 2008?

Microsoft ended support for Windows Vista on April 11, 2017, ended support for Windows XP on April 8, 2014 and ended support for Windows 7, and Windows Server 2008 on January 14, 2020. Upgrading to a supported version of Windows is necessary for security concerns.

1.11   Does GoTrust ID mobile application support iOS and Android?

GoTrust ID mobile application supports iOS 10 and above, Android 6 and above.

1.12   What login interfaces can GoTrust ID protect?

GoTrust ID provides password-free login experiences for local desktop, Windows Remote Desktop Connection and other remote console tools, such as VMware remote console.

1.13   How does corporate IT log in to a user’s PC for troubleshooting?

GoTrust ID provides a dedicated entry for corporate IT. Enrolled corporate IT staff can log in to a user’s PC with their registered phone authenticator even if the PC is offline.

1.14   Does GoTrust ID support shared computer login scenario?

Yes, GoTrust ID supports a multiple-user mode for shared computers. GoTrust ID provides single user mode by default; shared computer mode can be configured by corporate IT.

1.15   How does GoTrust ID work with Network Level Authentication (NLA)?

Network Level Authentication (NLA) for Remote Desktop Connection is a recommended security feature in Windows. We encourage users to enable NLA when using RDP for higher security. When NLA is enabled, the RDP client prompts for primary authentication (password). The remote PC login screen appears after primary authentication is verified, and the user can then log in to the remote PC with GoTrust ID phone authentication.

More information about NLA and RDP can be found at the Microsoft site.

1.16   Does GoTrust ID protect Windows Remote Desktop Connection login?

Yes. GoTrust ID supports Windows Remote Desktop Connection login.

1.17   Does GoTrust ID support other security keys other than Idem Key?

No. Only Idem Key can be used for GoTrust ID Computer Login.

1.18   Does GoTrust ID Computer Login work with other credential providers?

GoTrust ID Computer Login works with Windows credential provider but cannot be used with other third-party credential providers.

1.19   Do I need to open GoTrust ID mobile app before performing computer login?

If the network connection is good, you will receive a notification on your mobile requesting login authentication without opening the app. However, you need to keep the GoTrust ID mobile app open to build a BLE connection between phone and computer if the network is temporarily unavailable.

1.20   How can I log in if Bluetooth is turned off on my Windows device and I do not have an Idem Key?

You can log in by the following methods:
⦁ In-App Security Code: User can find this code on the mobile.
⦁ Security Code generated from AdminPortal: Ask for this Security Code from corporate IT.

1.21   What should I do if my fingerprint cannot be recognized on phone?

To improve fingerprint recognition on the phone, you can try removing and re-registering your fingerprint. Also, when biometrics fail during the authentication process, the app will request a passcode to proceed with the authentication.

1.22  What should I do if I do not receive biometric verification request on the phone when performing login even if I have enrolled successfully?

Please allow GoTrust ID to use Touch ID/Face ID, Bluetooth, Camera, etc. while installing GoTrust ID mobile app on your phone. Or go to Settings -> GoTrust ID to enable the settings.

1.23   Can I use the same Idem Key to perform Windows login and cloud FIDO-enabled services login, such as Google, Facebook, Twitter, etc.?

Yes, you can use the same Idem Key to perform secure login on Windows device or cloud FIDO-enabled services.

1.24   Can I share my Idem Key with other people?

We suggest that each Idem Key be registered under only one account and kept by one person as his or her own private login key. Each Idem Key is protected by the PIN which is set by the key owner. If you keep this PIN confidential, your device is still safe even if the key is lost. If you lose the key, please report to the corporate admin immediately so that your Idem Key authenticator is deleted from AdminPortal.

1.25   Can I keep Windows Hello PIN or Windows Hello Biometrics login options along with GoTrust ID?

Yes, corporate IT can configure such settings in the AdminPortal.

1.26   Does GoTrust ID support AD change password policy?

Yes, an update password dialog box will appear on the PC when the password expires. Enter the new password in the dialog box and the system will update the password automatically. The old password is filled in automatically and hidden behind asterisks (******) for security purposes.

Install and Uninstall for Windows

1.27   Can I install or uninstall GoTrust ID desktop application using Windows Group Policy?

Yes, Group Policy configuration settings can be applied to GoTrust ID desktop application installation. You can contact GoTrust team for step-by-step guide. Learn more about installing software using Group Policy from Microsoft Support.

1.28   Can I deploy GoTrust ID desktop application using other software deployment utilities?

Yes, company can use its software deployment utilities to deploy GoTrust ID desktop application.

1.29   Can GoTrust ID desktop application be automatically updated for new version?

Yes, GoTrust ID desktop application can be automatically updated by configuring in AdminPortal.

Enrollment

1.30   What can I do if I cannot proceed to the next step after using mobile to scan QR code on the PC?

Please make sure you have passed biometrics verification on the phone right after scanning the QR code. The PC screen will show “Register Successfully” once biometric authentication on the phone has been verified and the phone has completed registration with the authentication server.

If the problem still exists, please check the connection environment between the phone and the authentication server.

1.31   Which password should I insert during enrollment?

Please insert your Windows device login password.

1.32   How many PCs can enroll GoTrust ID under same user license account?

Normally one user license account can register 5 computers maximum.

1.33   How many phones or Idem Key can I enroll as GoTrust ID authenticator to login Windows device?

You can enroll multiple phone authenticators or multiple Idem Keys to log in to your Windows device.

DNS Pointing

1.34   How can the GoTrust ID desktop application connect to the GoTrust ID server?

You can use the provided batch file to install the GoTrust ID desktop application. The file already has the server connection assigned, so users can complete installation easily. Another way is to create a DNS Forward Lookup Zone named business.gotrustid with a host named server that maps to the GoTrust ID Server IP address. The GoTrust ID desktop application will automatically connect to the GoTrust ID server at first launch.
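The DNS option described above, as an added example (not GoTrust's own script). It assumes the DNS role runs on a Windows Server domain controller with the DnsServer module; the IP address is a placeholder. Because clients connect to this name automatically, the zone is created with dynamic updates disabled and the record is checked after creation.

```powershell
# Added example: create the lookup zone and host record the desktop
# application resolves at first launch, then verify the answer.
$ZoneName = 'business.gotrustid'   # zone name given in the FAQ
$HostName = 'server'               # host name given in the FAQ
$ServerIp = '192.0.2.10'           # PLACEHOLDER: your GoTrust ID server IP

# Create the zone only if it is missing. DynamicUpdate 'None' means the
# record can only be changed by a DNS administrator, not by a host
# registering itself under the same name.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName `
        -ReplicationScope 'Domain' -DynamicUpdate 'None'
}

# Add the A record only if no record with that name exists yet.
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $HostName `
    -RRType 'A' -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $HostName `
        -IPv4Address $ServerIp
}

# Verify: the name must resolve to the expected address and nothing else.
$fqdn     = "$HostName.$ZoneName"
$resolved = @((Resolve-DnsName -Name $fqdn -Type A -Server 'localhost').IPAddress)
$unexpected = @($resolved | Where-Object { $_ -ne $ServerIp })

if ($resolved.Count -eq 0) {
    throw "$fqdn does not resolve."
}
if ($unexpected.Count -gt 0) {
    throw "$fqdn resolves to unexpected address(es): $($unexpected -join ', ')"
}

# Confirm the zone does not accept dynamic updates.
$zone = Get-DnsServerZone -Name $ZoneName
if ($zone.DynamicUpdate -ne 'None') {
    Write-Warning "Zone $ZoneName allows dynamic updates ($($zone.DynamicUpdate))."
}
"$fqdn -> $($resolved -join ', ')"
```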

Server Environment

General

2.1   Where does a company host the GoTrust ID server?

Company can host GoTrust ID server on premises or in the private cloud. It depends on the company’s operational decisions and data protection regulations.

2.2   How can I install GoTrust ID server?

A VM download link will be provided by GoTrust or the vendor. Ubuntu is the default operating system environment we provide. Windows Server is also provided on request; the Windows Server license is to be prepared by the client.

2.3   What is the minimum server requirement?

2.4   Do I need to prepare SSL certificate?

Yes, SSL certificate in .pfx format is required for GoTrust ID server configuration.

2.5   Does GoTrust ID server support High Availability (HA) structure?

Yes, GoTrust ID server supports High Availability (HA) structure to ensure a level of operational performance.

2.6   Does GoTrust ID server run on Windows server or Linux server?

GoTrust ID server can run on Windows server or Linux server.

2.7   Does GoTrust ID server time need to be accurate and correct?

Accurate and reliable time is highly important for server, PC and phone. Time discrepancy will result in login error. Please use Network Time Protocol (NTP) or other practical method to set correct time for GoTrust ID server.

1.1   What is Idem Key?

Idem Key, a physical security device used for authentication, supports FIDO2, PIV, and HOTP functionalities. It adds an extra layer of security to access accounts and systems.

1.2   How to reset Idem Key on Windows?

To reset a security key on Windows, begin by opening the “Settings” menu from the Start menu by selecting the gear icon. Then, navigate to the “Accounts” section. Within “Accounts,” select “Sign-in options.” Here, locate the option labeled “Security Key.” Once found, click on “Manage” and insert the Idem Key. You will then find the reset option available.

Please be aware that resetting Key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.

Related video: https://www.youtube.com/watch?v=Skx8s5C95c0

1.3   How to change PIN of Idem Key on Windows?

To change the PIN of the Idem Key on Windows, begin by opening the “Settings” menu from the Start menu by selecting the gear icon. Then, navigate to the “Accounts” section. Within “Accounts,” select “Sign-in options.” Here, locate the option labeled “Security Key.” Once found, click on “Manage” and insert the Idem Key. You will then find the change option available.

1.4   How to reset Idem Key on MacOS?

To reset an Idem Key on macOS via Chrome, begin by opening the “Settings” menu of Chrome. Then, navigate to the “Privacy and security” section. Within “Privacy and security,” select “Security.” Here, locate the option labeled “Manage security keys.” Once on that page, you will find the “Reset your security key” option available.
Please be aware that resetting Key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.

1.5   How to change PIN of Idem Key on MacOS?

To change the PIN of the Idem Key on macOS via Chrome, begin by opening the “Settings” menu of Chrome. Then, navigate to the “Privacy and security” section. Within “Privacy and security,” select “Security.” Here, locate the option labeled “Manage security keys.” Once on that page, you will find the “Create a PIN” option available.

1.6   How to set up Idem Key on applications?

The Idem Key supports account authentication for various applications, and the registration process is mostly similar. Typically, you first enter the account settings screen, then navigate to the security or privacy-related page. Once on that page, you select options related to multi-factor authentication or similar. After clicking into it, you’ll see the option for a security key. At this point, you can register your Idem Key.

Related video: https://www.youtube.com/@gotrustidinc.5164/videos

1.7   What should I do if I forget my PIN of Idem Key?

Currently, no one except yourself knows the PIN set for the Idem Key, and if the maximum number of incorrect PIN entries has been reached, resulting in the Idem Key being locked, we can only recommend resetting the Idem Key.
Please be aware that resetting Key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.

1.8   Where can I download GoTrustID for computer login?

GoTrustID is now exclusively designed for enterprise use. Individual application services have been discontinued. If you have enterprise requirements, please don’t hesitate to contact us.

https://www.tw.gotrustid.com/

1.9   How can organizational personnel apply Idem Key for computer login?

Currently, if utilized by organizational personnel, configuration for computer login with Idem Key necessitates setup by your company’s IT staff through Azure AD (Entra ID) login options.
The client can access the settings by logging into the Microsoft Entra admin center. From there, they should navigate to “Protection/Authentication methods” and then proceed to “Policies.” Under “Policies,” they can select “FIDO2 security key” and enable the option for FIDO2 security key.

1.10   How can individuals apply Idem Key for computer login?

If you’re an individual user, refer to the article provided below on using Idem Key to log in to Windows, which needs to meet Microsoft’s basic requirements. Users can find these requirements at the beginning of the article. If the system meets these basic requirements, follow the instructions provided in the article to proceed with the setup.

Related article:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-windows

1.11   What are the AAGUIDs of Idem Key?

The AAGUIDs can be found on page 7 of the document linked below.

https://gotrustid.com/download/GoTrust_IdemKey_user_manual.pdf

1.12   What’s the maximum number of stored resident keys?

According to the FIDO2 protocol, the storage limit for Idem Key Discoverable Credentials (Resident Keys) is 30.

1.13   How to delete individual resident keys or view the stored resident keys?

There isn’t a direct method to delete or view individual resident keys stored in the FIDO2 storage without performing a complete reset of the security key. The standard procedure for managing resident keys usually involves resetting the security key, which leads to the removal of all stored keys.

1.14   Where is the NFC detection area of a smart phone?

The NFC antenna of smart phones is located around the rear camera. When sensing, please make sure to place the Idem Key at the top edge of the phone, as demonstrated in the video, or around the rear camera of the phone.

Related video: https://www.youtube.com/watch?v=0DhrFzhHcdU

1.15 What is the PIN of Idem Key?

When you purchase Idem Key, it comes without a default PIN. For applications such as Google account, Facebook, GitHub, and others, when you register Idem Key as a login or two-factor authentication option, the application will prompt you to set a PIN for Idem Key. Once set up, you will be required to enter this PIN whenever prompted to log in.

1.16 Why is my Idem Key blocked?

When the message indicating that the Idem Key is locked appears, it is usually due to entering the wrong PIN too many times. Once locked, you can only reset it and set a new PIN.

1.17 What should I do if my Idem Key is blocked?

When the Idem Key is locked and unusable, it usually accompanies a message like “The FIDO security key has been blocked for security reasons.” At this point, you must reset your Idem Key to unlock it. Please refer to the following instructions for resetting the Idem Key.

Please keep in mind that resetting the key will erase all FIDO data, making it unusable for login if registered on another application.

  • Windows: https://www.youtube.com/watch?v=Skx8s5C95c0
  • macOS: To reset an Idem Key on macOS via Chrome, open Chrome’s “Settings” menu, then go to “Privacy and security” and select “Security.” Choose “Manage security keys” and find the option to “Reset your security key.”

1.18 How to log in to macOS with Idem Key?

Using Idem Key as a login option for macOS requires an admin account and uses the PIV functionality. You must first download Idem Key Manager.

  • PIV Management-Configure PINs:
    1. You can change the PIN, PUK of PIV and management key on this page.
    2. The default PIN of PIV is 123456; the default PUK of PIV is 12345678.
    3. The default management key is 010203040506070801020304050607080102030405060708. You can click the checkbox next to “Use Default” to fill in the management key, provided you have never changed the management key.
  • PIV Management-Certificates:
    1. You need to generate or import certificates for both Authentication(9a) and Key Management(9d).
    2. Please click “Generate” or “Import”.
    3. Then you will need to choose the algorithm. Please note that RSA1024 and ECCP384 are unsupported for macOS login. Please choose RSA2048 or ECCP256.
    4. The default PIN of PIV is 123456. You can change the PIN of PIV and the management key in the Pin Management page.
    5. Then click “Confirm.”
  • Configuring Idem Key for macOS account login:
    1. When you insert the Idem Key into the macOS device, a notification will appear.
    2. Then click “Pair”.
    3. If no message appears, you can use a command to bring it up. Open Terminal and enter the command “sc_auth pairing_ui -f”.
    4. You will be prompted to enter the password and the PIN of PIV:
       1. First, please enter the password of the user’s account.
       2. Second, please enter the PIN of PIV.
       3. Finally, please enter the password of the user’s account again.
  • Log in to macOS:

To verify the setup, lock your Mac and ensure that the password field prompts for a PIN when you insert your YubiKey. Attempt to unlock your session using your Idem Key by entering the PIN.

1.19 Is Idem Key compatible with Apple ID?

Yes, Idem Key is suitable for use with Apple ID. You can refer to the following link for information on the required device conditions and setup paths. https://support.apple.com/en-us/102637

How to set up: https://www.youtube.com/watch?v=0DhrFzhHcdU

1.20 Is Idem Key compatible with ID Austria?

Yes, Idem Key is compatible with ID Austria and can be used instead of using app with biometric verification. For more information, please refer to the link: ID Austria

1.21 I would like to use the Idem Key to access ID Austria. How should I prepare the Idem Key?

You can find relevant information on the ID Austria website. Please refer to the link: ID Austria

1.22 I would like to register Idem Key as my login method on M365, but I can’t find the security key option in Multi-Factor Authentication registration from Microsoft website. What should I do?

If the security key option is absent from Multi-Factor Authentication registration on M365, please check whether the FIDO2 security key option is enabled in the administrator’s Azure AD (Entra ID) management system. The administrator can follow the steps below to access the settings:

Step 1: Log in to the Microsoft Entra admin center.

Step 2: Choose Protection/Authentication methods.

Step 3: Click Policies -> FIDO2 security key.

Step 4: Enable the FIDO2 security key option.

Then the user can check if there is an option to register a security key as part of the multi-factor authentication on M365.
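The same setting can be applied and checked from PowerShell through Microsoft Graph. This is an added example, not GoTrust or Microsoft sample code, and it goes one step beyond the portal steps above by also restricting registration to an allow-list of AAGUIDs. It assumes the Microsoft.Graph.Authentication module is installed and the signed-in admin may edit authentication method policies; the AAGUID shown is a placeholder that the script refuses to apply until it is replaced with the values from the Idem Key user manual.

```powershell
# Added example: enable the FIDO2 security key method in Entra ID and
# allow only approved authenticator models (by AAGUID).

# PLACEHOLDER: replace with the AAGUIDs from the Idem Key user manual.
$ApprovedAaguids = @('00000000-0000-0000-0000-000000000000')

$Uri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy' +
       '/authenticationMethodConfigurations/fido2'

# Reject malformed values and the all-zero placeholder before touching policy.
foreach ($a in $ApprovedAaguids) {
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($a, [ref]$parsed) -or $parsed -eq [guid]::Empty) {
        throw "Not a usable AAGUID: $a"
    }
}

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

# Record the current state so the change can be reviewed or reverted.
$before = Invoke-MgGraphRequest -Method GET -Uri $Uri
"Before: state=$($before.state), restrictions enforced=" +
    "$($before.keyRestrictions.isEnforced)"

# Only 'state' and 'keyRestrictions' are changed. Attestation enforcement
# is left as it is; AAGUID restrictions are only trustworthy when
# attestation is enforced, so review that setting separately.
$body = @{
    '@odata.type'   = '#microsoft.graph.fido2AuthenticationMethodConfiguration'
    state           = 'enabled'
    keyRestrictions = @{
        isEnforced      = $true
        enforcementType = 'allow'
        aaGuids         = $ApprovedAaguids
    }
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $body `
    -ContentType 'application/json'

# Read the policy back and fail loudly if it did not take effect.
$after = Invoke-MgGraphRequest -Method GET -Uri $Uri
$missing = @($ApprovedAaguids | Where-Object { $after.keyRestrictions.aaGuids -notcontains $_ })

if ($after.state -ne 'enabled') {
    throw 'FIDO2 security key method is still disabled.'
}
if (-not $after.keyRestrictions.isEnforced -or $missing.Count -gt 0) {
    throw "Key restrictions not applied as requested. Missing: $($missing -join ', ')"
}
"After: state=$($after.state), allowed AAGUIDs=$($after.keyRestrictions.aaGuids -join ', ')"
```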

1.1   What is Idem Key Plus?

Idem Key Plus, a derived version of Idem Key, extends support to traditional PKI applications and is available in three versions: Plug-n-play (Middleware-free), PKCS#11, and FISC-II versions.

1.2 What are the differences between Idem Key Plus Plug-n-play (Middleware-less), PKCS#11, and FISC-II versions?

The PKCS#11 version of Idem Key Plus supports traditional PKI operations through the PKCS#11 library interface, while the Plug-n-play (Middleware-less) version leverages GoTrust’s patented technology to conduct traditional PKI certificate signing operations via the FIDO2 webauthn API, eliminating the requirement for additional middleware.
The FISC-II compliant Idem Key Plus integrates the FISC-II applet—a benchmark for secure and effective financial data interchange and electronic payments between entities in Taiwan. Taiwan’s FISC II standard outlines the requisite guidelines and protocols for deploying and overseeing PKI within the financial arena.

1.3   Does Idem Key Plus retain FIDO functionality?

Yes, in addition to its new PKI functionalities, Idem Key Plus retains the FIDO functionalities, offering versatile security options.

1.4 Is there any software or library installation required for the Plug-n-play (Middleware-less) version?

No, you don’t have to install any software or driver for using the Idem Key Plus of Plug-n-play (Middleware-less) version. We utilize patented technology to enable seamless plug-and-play certificate support for Web PKI applications.

1.5 How does the Plug-n-play (Middleware-less) version of Idem Key Plus work without additional software?

By leveraging GoTrust’s patented technology, the Plug-n-play (Middleware-less) version enables web applications to directly conduct PKI signature operations through the browser’s FIDO2 webauthn API interface.

1.6 How do I use the Idem Key Plus PKCS#11 version on my system?

Install the PKCS#11 library according to GoTrust’s developer guidelines and utilize it to enable PKI operations within your applications on Windows, macOS, and Linux platforms.

1.7 What operations can I perform with Idem Key Plus?

You can conduct a variety of PKI-related operations, such as RSA or ECDSA digital signatures, encrypted communications, and identity authentication, among others.

1.8 Where can I find technical support for Idem Key Plus?

For technical support and guidance on Plug-n-play (Middleware-less), PKCS#11, and FISC-II versions, please contact GoTrust support via email support@gotrustid.com.

1.9 What should I do if my Idem Key Plus is damaged or lost?

Immediately revoke the affected certificates and adhere to the issuer’s guidelines for obtaining and setting up a new security key.

1.10 How is the security of Idem Key Plus ensured?

Utilizing advanced encryption technologies and adhering to stringent security protocols, Idem Key Plus offers a high level of security and privacy protection, reinforced by FIPS 140-2 Level and FIDO Security Level 2 certifications.

1.11 Do I need to reinsert the Idem Key when proceeding with the transaction release?

No, you do not need to reinsert the Idem Key to complete the transaction. We use a touch mechanism that allows manual confirmation through a finger touch, so the transaction proceeds without reinsertion.

1.12 How to implement Idem Key Plus?

  • Plug-n-play (Middleware-less) version: We need cooperation from the corporate internet banking system integrator to make the system changes.
  • PKCS#11 version: The user needs to install middleware to support GoTrust PKCS#11.
  • FISC-II versions: The existing system can be used with a card reader paired with FISC-II chip card.

If you have any further questions, please contact GoTrust support via email support@gotrustid.com.