Contents

Documentation

Guide of administrators

Version: 1.5.4
Created at: 2021.07.20
User guide of the administration website. Learn how to register, manage your users, applications and more...

Registration

Registering an organization

To start using the PassByME service and securing your systems you must first register an organization. To successfully register an organization please prepare your mobile device with the PassByME application installed and an e-mail account you are able to access during the registration.

Follow these steps

Visit admin.passbyme.com.
Click on 'Register a organization'.
Choose a name for your organization. You can choose any name you like. The name of the organization can be changed later.
Provide an e-mail address. This is going to be the login name of the administrator that is created alongside the organization. Choose a valid e-mail address that you can access during the registration as we are going to send an activation code to it.
Choose a password. Be sure to choose a password that complies with our password policy which you can read at the right side of your screen.
Confirm your password by typing it again.
Provide a name for your new administrator.
Click 'Submit'.
Check your e-mail for our mail with the activation code.
Enter your activation code and click 'Activate'.
Make sure that you have your mobile device with you and the PassByME application installed.
Start the PassByME application. Tap the QR code on the screen.
The QR code reader starts so you can read the QR code that appeared in your browser.
Follow the instructions on your mobile.
You are now ready to log in to your new organization.
 

Registering with invitation

If you would like to join to an already registered organization first you should ask an administrator to provide you with an invitation code. With your invitation code you can join the organization as an administrator. To successfully register please prepare your mobile device with the PassByME application installed and an e-mail account you are able to access during the registration.

Follow these steps

Visit admin.passbyme.com.
Click on 'I have an invitation code'.
Provide the invitation code you received.
Provide an e-mail address. This is going to be the login name of your administrator that is created for the organization. Choose a valid e-mail address that you can access during the registration as we are going to send an activation code to it.
Choose a password. Be sure to choose a password that complies with our password policy which you can read at the right side of your screen.
Confirm your password by typing it again.
Provide a name for your new administrator.
Click 'Submit'.
Check your e-mail for our mail with the activation code.
Enter your activation code and click 'Activate'.
Make sure that you have your mobile device with you and the PassByME application installed.
Start the PassByME application. Tap the QR code on the screen.
The QR code reader starts so you can read the QR code that appeared in your browser.
Follow the instructions on your mobile.
You are now ready to log in to the organization.
 

Logging in

Dashboard access

If you are an administrator of an organization you can log in into the administration dashboard using the PassByME second factor solution.

Follow these steps

Visit admin.passbyme.com.
Provide your administrator e-mail address.
Provide your password.
Click submit.
Use your mobile phone to approve the login.
 

Forgotten password

If you have forgotten your password to the administration interface you have the option of resetting it. You must have your mobile device with an activated PassByME application at hand.

Follow these steps

Visit admin.passbyme.com.
Click 'Forgot your password?'
Enter your registered e-mail address.
Check your registered e-mail for the password reset link.
Open the link that you have received via e-mail.
Choose a new password.
Using your PassByME application approve that you would like to change your password.
You are now ready to log in with your new password.
 

Lost device

If you have lost your device or you are unable to access your PassByME application for any other reason you can issue a new enrolment for yourself. To do so you must know your administrator e-mail address, your password and you must have access to the e-mail account.

Follow these steps

Visit admin.passbyme.com.
Click 'Lost your device?'
Check your e-mail account for the deactivation code of your device, enter it into the form, solve the captcha and click deactivate. The deactivation code was sent to you via email after your registration. The subject of the mail is 'PassByME Conformation Letter' and the sender is noreply@passbyme.com. If you have more devices registered with the service please make sure you have deactivated all of them before proceeding!
 

Reactivate account

You can reactivate a previously deactivated account.

Follow these steps

After all of your devices are deactivated, try to log in into the administrator dashboard.
A screen will appear asking for your activation code
Check your e-mail for our mail with the activation code. You might have to click 'Resend activation code' to receive a new activation code.
Enter your activation code and click 'Activate'.
Make sure that you have your mobile device with you and the PassByME application freshly reinstalled.
Start the PassByME application. Tap the QR code on the screen.
The QR code reader starts so you can read the QR code that appeared in your browser.
Follow the instructions on your mobile.
You are now ready to log in to the organization.
 

User management

Adding a user

Only your registered users are going to be able to use the PassByME system to authenticate, receive messages and sign documents. To register them you have to create them as users of your organization and issue an enrollment sheet for them. After they read the QR code with their PassByME application their device will be activated. After that the user is capable of using the PassByME service.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Click 'New user'
Provide a Primary PassByME ID for the user. This is going to be the first identifier of the user. Your system can use this identifier to address messages to your user. You can add more PassByME ID-s later.
Provide the Full Name of the user. This is going to be their displayed name in the list of the users and in his certificates.
You have the option to provide an e-mail address of the user. This way we can send them deactivation codes to this address.
You have the option to provide a phone number for the user. The PassByME system is not using this data during it's operation, it is just stored for your convenience.
Click Save to create the new user.
 

Modify user data

Data provided during user registration can be modified later.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to modify in the list of users
Click the pencil icon in the row of the user
Modify the data present
Click Save
 

Adding a PassByME ID

Users can have more different identifiers. These identifiers can be used by your software to address this user under different names. A user can have as many PassByME ID-s as desired.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to create a new PassByME ID for in the list of users
Click the icon in the row of the users depicting three persons
Click New PassByME ID
Enter the chosen ID
Click Save
 

Deleting a PassByME ID

Unused PassByME ID-s can be deleted. After an ID is deleted it can not be used to address the user any more.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user with the PassByME ID you would like to delete in the list of users
Click the icon in the row of the users depicting three persons
Find the PassByME ID you would like delete
Click the trash bin icon
Confirm your decision
 

Disabling/enabling a user

Disabling users in the system disables their ability to use the functionality, authenticate or receive messages until they are enabled again.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to create a new PassByME ID for in the list of users
Check/uncheck the check-box in the row of the user in the Disabled column
 

Deleting a user

Removing users from the system permanently disables their ability to use the functionality, authenticate or receive messages.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to delete in the list of users
Click the icon in the row of the users depicting a trash bin
Confirm your decision
 

View details of a user

For each user there is a summary page where the most important information can be read: the message history of the user, the aliases, devices, and enrollments.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to view in details in the list of users
Click the information icon in the row of the users
You are now navigated to the page containing all the details of the selected user
 

Download report

Downloading report for the users of the organization.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Scroll down to the bottom of the page
Click the button 'Download report' below the list of users table
Wait until the system generates the requested report
Allow popups for this site in the browser if necessary
The browser asks for permission to save the generated csv file on your disk
 

Enrollment management

Enrolling a device

Users need devices to be able to receive messages, do two factor authentication and create electronic signatures. To register a new device an enrollment QR code has to be read with the PassByME application. The QR code can be generated and provided the following way.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to create a new device enrollment for in the list of users
Click the icon in the row of the users depicting a mobile phone
Click Add device enrollment
A new enrollment appears in the Pending device enrollments list
This enrollment sheet contains the enrollment QR code to be used by your mobile device during device enrollment.
 

Download enrollment

The enrollment sheet can be downloaded to the local filesystem and can be provided manually by the administrator(s) for the users later.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to download a device enrollment sheet for in the list of users
Click the icon in the row of the users depicting a mobile phone
Click the icon in the row of any pending device enrollment depicting a download icon
Save the device enrollment sheet containing the enrollment QR code as a pdf document on your disk
 

Delete enrollment

Any unused (pending) enrollments can be cancelled by the administrators.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to delete a device enrollment for in the list of users
Click the icon in the row of the users depicting a mobile phone
Click the icon in the row of any pending device enrollment depicting a trash can icon
Click 'OK' to confirm your cancellation.
 

Send enrollment by email

This function only available for users with configured e-mail address.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user you would like to send a device enrollment for in the list of users
Click the icon in the row of the users depicting a mobile phone
Click the icon in the row of any pending device enrollment depicting a paper plane icon
A green information message appears on the bottom of the page: 'Enrollment Sheet sent'.
 

Device management

Sending deactivation code

Users can deactivate their own devices by visiting the deactivation site and providing their deactivation code. The deactivation code is sent to them via e-mail after a successful device enrollment, if the user has configured e-mail address, and the function is switched on for the organization. If they are unable to find the deactivation code it can be sent/resent to them. This function is available only for users with configured e-mail address in the PassByME system.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user with the device you would like to deactivate in the list of users
Click the icon in the row of the users depicting a mobile phone
Find the device with the lost deactivation code
Click on the paper plane icon in the row of the device
 

Deactivating a device

Users might lose control of their device data over time. Devices can be lost, stolen, erased etc. These devices should be removed from the system disabling their ability to interact with the system.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user with the device you would like to deactivate in the list of users
Click the icon in the row of the users depicting a mobile phone
Find the device you would like to deactivate in the Enrolled devices list
Click on the X icon in the row of the device
 

Certificates of a device

Administrators might need to see the details of the user's certificates currently located and used on their devices.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user with the device you would like to deactivate in the list of users
Click the icon in the row of the users depicting a mobile phone
Find the device you would like to deactivate in the Enrolled devices list
Click on the certificate stamp icon in the row of the device
A new window appears listing the certificate details of the selected user's selected device
 

Download report

Downloading report for the devices of the organization.

Follow these steps

Log in into the dashboard
Click 'Devices' below 'PassByME Users'
Scroll down to the bottom of the page
Click the button 'Download report' below the list of enrolled devices table
Wait until the system generates the requested report
Allow popups for this site in the browser if necessary
The browser asks for permission to save the generated csv file on your disk
 

Administrator management

Inviting an administrator

Administrators can only join to organizations if they are invited. Administrators of the organization are capable of issuing invitation codes for the new administrators

Follow these steps

Log in into the dashboard
Click Administrators
Click 'Invite an additional administrator'
A new invitation code appears in the list, that you can use to invite other administrators
 

Deleting an administrator

Administrators are capable of deleting other administrators.

Follow these steps

Log in into the dashboard
Click Administrators
Find the administrator you would like to delete
Click the trash bin icon
Confirm your decision
 

Editing an administrator

Administrators can edit the basic data of other administrators.

Follow these steps

Log in into the dashboard
Click Administrators
Find the administrator you would like to edit
Click the pencil icon
Modify the data present
Click Save
 

Change role of administrator

Administrators can change the role of other administrators. Important: the administrator cannot change their own role.

Follow these steps

Log in into the dashboard
Click Administrators
Find the administrator you would like to change the role for
Click on the drop down menu in the column 'Role'
Select the new role
 

Devices

Administrators have devices just like the users. You can manage the devices of the administrators just like you manage the devices of the users.

Follow these steps

Log in into the dashboard
Click Administrators
Find the administrator whose device you would like to manage
Click the mobile phone icon
Manage the devices in the same manner you manage the devices of your users
 

Changing password

Administrators can change their passwords

Follow these steps

Log in into the dashboard
Click on your e-mail address on the top right corner
Click Change password
Provide your existing password
Provide your new password twice
Click save
 

Changing login e-mail

Administrators can change their login e-mail addresses

Follow these steps

Log in into the dashboard
Click on your e-mail address on the top right corner
Click Change Login Email
Provide your new e-mail address
Click save
Check your e-mail account to confirm your new e-mail address
 

Access key management

Overview

Access key management allows the user to manage the application and account management keys and the corresponding certificates of the account.
Applications are your way of communicating with your users. Every application is a different entity capable of sending authentication and other messages to users. Each application has its own unique set of public/private RSA keypair securing the applications connection to the PassByME system.
Account management keys are your way of managing your account via the management api. Each management key is a unique set of public/private RSA keypair securing the management api connection to the PassByME system.
The following operations are mainly valid for both types of access keys, where not, it is noted.
 

Adding a new access key

Each application and management access key has its own unique set of public/private RSA keypair securing the applications connection to the PassByME system. An application can have more public/private keypair. Creating a new access key means creating a keypair for it as well.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Click 'Add access key'
Choose access key type (Management key/Application key)
Choose a name for your access key
Click Save
 

Adding maintenance

For each application the administrator can define maintenance period in which period the client devices can not upload SEEN, APPROVED, or DENIED evidences to the system. As well as the first factor identifications can't be finished in the maintenance periods.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Click 'Add Maintenance'
Choose an application for which you would like to start the maintenance
Define subject-body pairs for the mobile clients. For english language it is required, other language-support is optional.
Choose a subject and body for the maintenance in english (required)
Click Activate
 

List maintenance

The maintenance for the applications or the entire organization can be seen in a table between the application and the management key tables. In this table the administrator can operate on any maintenance depending on its current state: modify, view, stop, or delete them.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Choose a piece of maintenance on which you would like to operate
Click on the proper icon on the right side of the selected maintenance: bin for deletion, stop icon for immediate stop, information icon for details etc.
 

Deleting an access key

Unused access keys can be deleted from the system. By deleting them you will invalidate their authentication data making them unable to connect to the system. Each corresponding certificate will be revoked as well.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the access key in the 'Applications' list or the 'Management keys' list you would like to delete
Click the trash bin icon in the row of the access key
Confirm your choice
 

Modifying the icon of an application

You have the option to modify the icon of your application key: either you can restore to the default icon or upload a custom svg icon from your drive.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the application key in the 'Applications' list list you would like to modify the icon for
Click the picture icon in the row of the application key
Browse and upload a custom icon or restore to default
You can download the current icon of the application (stored on server) clicking on the 'Download current icon' button
Confirm your choice
 

Adding an access key with PKCS#10

If your prefer to use a keypair that you generated then you have the option to provide a valid PEM formatted PKCS#10 request so we can issue your authentication certificate.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Click 'Add access key'
Choose access key type (Management key/Application key)
Choose a name for your access key
Click 'I would like to use my own PKCS#10 request'
Paste a valid PEM formatted PKCS#10 request into the text-area appeared
Click Save
 

Certificates of an access key

You might need to see the details of an access key's certificates or want to manage (revoke, issue new certificate) them.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the access key in the 'Applications' list or the 'Management keys' list for which you would like to see the certificate list
Click on the certificate stamp icon in the row of the access key
A new window appears listing the certificates' details of the selected access key
 

Downloading a certificate

Your access key must have its authentication certificates and keys to be able to connect to the service (applications) or the account (management keys). By following these steps you can download an authentication certificate and the corresponding keys (if they were generated by us) in different keystore formats.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the access key in the 'Applications' list or the 'Management keys' list for which one of its certificates you would like to download
Click on the certificate stamp icon in the row of the access key
Click the proper download icon (PFX or PEM column) in the row of the certificate for which you would like to download the PFX or PEM file
 

Password of a certificate

The keystore of your certificates are password protected. After downloading the keystore you still need their password to access their contents. To retrieve the password do the following.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the access key in the 'Applications' list or the 'Management keys' list of which you have downloaded a certificate before
Click on the certificate stamp icon in the row of the access key
Click the key icon in the row of the certificate
A new window will appear containing the password of the keystore
 

Revoke a certificate

Sometimes a keystore might have been compromised forcing you to change your keys, and in this case you have to revoke the compromised one. Each (not yet revoked) certificate can be revoked on the certificate list window.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the access key in the 'Applications' list or the 'Management keys' list of which you want to revoke a certificate
Click on the certificate stamp icon in the row of the access key
Click the ban icon in the row of the certificate
Confirm your choice
The certificate list automatically refreshes: the new state for the revoked certificate is 'REVOKED'
 

Issue certificate for your access key

From time to time you should change the keys of your applications or services (connected by management key) are using. Your access certificates will expire over time requiring you to request new certificates or your current keystore might have been compromised forcing you to change your keys. Either way this function provides you with the ability to change your keys and create new certificates as often as required.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the application in the 'Applications' list or the 'Management keys' list of which you would like to issue a new one
Click on the certificate stamp icon in the row of the access key
Click on 'Issue new certificate'
The certificate list automatically refreshes showing the newly generated certificate
Now you can download your new keystore
 

Issue certificate for your access key with PKCS10

If you don't like that we are generating the RSA keypair for your access key, you have the option to provide a valid PEM formatted PKCS10 request so we can issue your authentication certificate for the keys you have secured.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the application in the 'Applications' list or the 'Management keys' list of which you would like to issue a new certificate
Click on the certificate stamp icon in the row of the access key
Click on 'Issue new certificate using PKCS10 request'
Paste a valid PEM formatted PKCS10 request
Click OK
The certificate list automatically refreshes showing the newly generated certificate
Now you can download your new keystore
 

Modifying the icon of an application

You have the option to modify the icon of your application key: either you can restore to the default icon or upload a custom svg icon from your computer.

Follow these steps

Log in into the dashboard
Click 'Access keys'
Find the application key in the 'Applications' list you would like to modify the icon for
Click the picture icon in the row of the application key
Browse and upload a custom icon or restore to default
You can download the current icon of the application (stored on server) clicking on the 'Download current icon' button
Confirm your choice
 

User activity

Viewing activity log

You can monitor the activities of your users and applications overseeing all the transactions in your organization.

Follow these steps

Log in into the dashboard
Click 'Activity log'
 

Viewing activity log for selected user

You can monitor the activities of your users and applications overseeing all the transactions in your organization.

Follow these steps

Log in into the dashboard
Click 'PassByME Users'
Find the user for whom you would like to view the messaging activity in the list of users
Click the information icon in the row of the user
On the top of the information page you can view the filtered message history for the selected user
 

Download evidences

PassByME provides PKCS7 formatted evidences of a message transaction. There are two types of evidences. PROOF_OF_DELIVERY evidences prove that the user's device received the message. SIGNED_TRANSACTIONs prove that the user accepted/rejected the transaction or has seen a general message. To access these evidences do the following.

Follow these steps

Log in into the dashboard
Click 'Activity log'
In the Message history list find the message of which transactions you are interested in
Click the 'Show recipients' icon in the chosen message row
Click the 'Show evidences' icon in the chosen recipient row
A new window will appear detailing all the evidences for the recipient and giving you the option to download them
 

Download archived evidences

PassByME provides PKCS7 formatted evidences of a message transaction and—as a value-added service—provides the opportunity to archive the evidences of the organization. The download url of the archive package can be found in the evidence list.

Follow these steps

Log in into the dashboard
Click 'Activity log'
In the Message history list find the message of which transactions you are interested in
Click the 'Show recipients' icon in the chosen message row
Click the 'Show evidences' icon in the chosen recipient row
A new window will appear detailing all the evidences for the recipient
If the 'Archive state' column is 'UPLOADED' than archiving has been completed
Click on the package icon in the chosen evidence row
 

Administrators activity

View admin activity log

You can monitor the dashboard activities (login, logout, delete organization) of your administrators.

Follow these steps

Log in into the dashboard
Click 'Activity log'
Scroll down to the section: 'Administrators' activities'
 

Messaging

Messaging to users

PassByME gives your applications the ability to send different types of messages to your users. You, as an administrator have the option to send informational messages to your users. For message sending you must have at least one application access key.

Follow these steps

Log in into the dashboard
Click Messages
Select the sending application from the drop down list 'Select sender application'
In the recipients field you can search the list of your users and add one or more of them to the list recipients
Choose a subject for your message
Write your message
Click Send
 

Advanced messages

PassByME gives your applications the ability to send many types of messages to your users. You, as an administrator have the option to send advanced messages to your users.

Follow these steps

Log in into the dashboard
Click 'Messages'
Click 'Show advanced fields'
Select the sending application from the drop down list 'Select sender application'
In the recipients field you can search the list of your users and add one or more of them to the list recipients (if it's available)
Choose a subject for your message
Choose a preview for your message (optional)
Choose the time duration your message is going to be available for your users to provide evidences. The message can be read later but no evidence is created after the chosen time passes
Add a callback URL (if it's available)
Select 'All users' if you want to notify every users in your organization (works only with 'General message', 'Authentication message', 'Esign message' message type)
Select 'Enforce secureId validation' if you want to enforce the secureId validation on the device (only available with 'Authentication message' and 'One-time password' message type)
Chose a secureId for your message (optional, only available with 'Authentication message' and 'One-time password' message type)
Chose an external identity for your message (optional)
Choose a 'Message type'. Note that messages of type 'Esign' and 'Configuration update' require specially formatted message bodies. Sending badly formatted messages may cause errors in the receiving mobile devices
Select 'Attach file on URL' if you want to attach document on URL
Fill in your document name
Fill in the download URL the document is available on
Choose an expiration date for the URL. Mobile clients may try to download the document prior to the expiration date so the document shall be available on the selected URL until the URL exipires.
Select 'Unlisted' if you would like to create a message that does not appear on the message lists of the mobile device. No push notification is sent for unlisted messages. The unlisted parameter is not available for Configuration Update messages.
Write your message
Click Send
 

Account management

Modifying account details

You have the option to modify the basic settings of your registered organization

Follow these steps

Log in into the dashboard
Click Account settings
Click Modify
Modify the 'Name' field to rename your organization
Modify the 'Contact email' field to choose your support e-mail address we can put on the enrollment sheets your users are going to receive
Modify 'Enrollment validity' to define how long your enrollment codes are going to be valid
Modify 'Invitation validity' to define how long an administrator invitation code is going to be valid
You can specify an email address as the notification address for undelivered (failed) callback messages
You can specify an email address as the notification address for deleted user
Check or uncheck 'Send confirmation letter to users' checkbox to choose if we can send e-mails directly to your users automatically. WARNING: If you disable this option we will not send mobile device deactivation codes to your customers! You should provide them with their activation codes by other means.
You can specify a regular expression for admin manageable PassByME IDs: only the matching users can be managed by administrators
You can specify a maximum allowed inactivity for the devices: after this period of time, the inactive device will be removed from the system automatically
You can specify an application ('Sender of system messages') which will be used as the sender application of configuration update messages
Click Save
 

Custom Mobile App

If you have your own, PassByME capable application you have to set up your organization in such a way, that it can send push messages to your application. By following these steps you can provide all the information required for us, to send messages to your application. The settings are organized into smaller sections, all having their own 'Cancel', 'Save' and 'Set to default' buttons.

Follow these steps

Log in into the dashboard
Click Account settings
Click Custom mobile app
Provide your own enrollment scheme, if required than click button 'Save'
Provide your Firebase Cloud Server Key for custom Android push messages than click button 'Save'
At section 'Apple Push Notification Service' click button 'Cancel' than provide your authentication PFX and its password for custom Apple push messages. You can choose between Production and Sandbox push services. Apply the changes with the button 'Save'
Set the minimum enforced Android application version and minimum iOS application version for devices than click button 'Save'
If later you would like to return to our default settings, click 'Set to default' for that section
 

Deleting your account

In the sad event of you not willing to use our service any more you can delete your account. We are sorry to bid you farewell, but you are welcome join us again!

Follow these steps

Log in into the dashboard
Click Account settings
Click Delete Account
Confirm your choice on the webpage
Confirm your choice on your mobile device