How You Configure Two-Factor Authentication Using A Security Key File

You can enable security key file-based authentication in addition to the user credential-based authentication for more secure transmission. The key pair can be generated within Payments or can be generated externally and imported.

You can use the private key within Payments and share the public key with your bank.

Importing an Externally-Generated Security Key File

Before you import the security key file, ensure that these conditions are met:

  • The Master encryption key has already been configured using the Manage System Security Options task.

  • Ensure that the key file name doesn’t have any special characters other than the underscore (_).

  • Ensure that the key file has the SSH extension (file name has .ssh as suffix).

  • Ensure that the file name length (including the extension) doesn't exceed 26 characters.

Here’s how you import an externally generated private security key file:

  1. Upload the file in UCM using the File Import and Export utility. Use this UCM account: fin/payments/import.

  2. Create or update the SFTP transmission configuration.

  3. Select the private key file that should now be available in the Client Private Key File choice list.

  4. Enter the applicable password for this key file in the Client Private Key Password field and then click Save.
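A pre-upload check for the conditions listed above, run against the key file before step 1. This is an added example, not Oracle's code. The function names are hypothetical. It assumes that "special characters" means anything other than ASCII letters, digits and the underscore, that the .ssh suffix is case-sensitive, and that the key should be passphrase-protected because step 4 asks for its password. The page doesn't state which private-key encodings Payments accepts, so the passphrase check only reports on common encodings it recognises.

```python
import base64
import re
from pathlib import PurePath

MAX_NAME_LEN = 26                         # page: the limit includes the extension
STEM_RE = re.compile(r"[A-Za-z0-9_]+")    # assumption: strict reading of "special characters"
OPENSSH_MAGIC = b"openssh-key-v1\x00"     # header of the OpenSSH private-key container

def check_key_file_name(path):
    """Return the naming conditions the file violates (empty list = OK)."""
    name = PurePath(path).name
    stem, dot, ext = name.rpartition(".")
    stem, ext = (stem, ext) if dot else (name, "")   # no extension at all
    problems = []
    if ext != "ssh":                      # assumption: suffix compared case-sensitively
        problems.append("extension is not .ssh")
    if not STEM_RE.fullmatch(stem):       # also catches extra dots, spaces, hyphens
        problems.append("name has characters other than letters, digits, underscore")
    if len(name) > MAX_NAME_LEN:
        problems.append(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    return problems

def is_passphrase_protected(key_text):
    """True/False for recognised private-key encodings, None if unrecognised."""
    if "BEGIN ENCRYPTED PRIVATE KEY" in key_text:     # PKCS#8, encrypted
        return True
    if "BEGIN RSA PRIVATE KEY" in key_text:           # traditional PEM
        return "Proc-Type: 4,ENCRYPTED" in key_text
    if "BEGIN PRIVATE KEY" in key_text:               # PKCS#8, plaintext
        return False
    if "BEGIN OPENSSH PRIVATE KEY" in key_text:
        body = "".join(l.strip() for l in key_text.splitlines() if not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
        except ValueError:
            return None
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        off = len(OPENSSH_MAGIC)
        n = int.from_bytes(blob[off:off + 4], "big")  # length-prefixed cipher name
        return blob[off + 4:off + 4 + n] != b"none"   # "none" means no passphrase
    return None

def preflight(path, key_text):
    """Collect every reason not to upload this file to UCM yet."""
    problems = check_key_file_name(path)
    if is_passphrase_protected(key_text) is not True:
        problems.append("private key is not recognisably passphrase-protected")
    return problems
```

Call `preflight(path, open(path).read())` on the key file; an empty list means every check passed.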

Generating a Key File

Perform these steps to generate a key file within the Payments application:

  1. In the Setup and Maintenance work area, go to the Manage Transmission Configurations task:

    • Offering: Financials

    • Functional Area: Payments

    • Task: Manage Transmission Configurations

  2. Select the transmission protocol for which the key pair must be generated.

  3. Create a new transmission configuration or select an existing one.

  4. Enter the transmission details.

  5. In the Value choice list for the Client Private Key File, select Quick Create to generate a key pair.

    Note: You must enter the password for the private key file in the Client Key File Password field.

The application generates the key pair and populates the Client Private Key File field with the private key file name. This file name has the SSH extension. You can download the corresponding public key file from the UCM account /fin/payments/import. This public key has the same file name as the private key. However, it has a PUB extension (file name has .pub as suffix). Share the public key file with the bank to deploy it on the SFTP server.

Creating Private Keys Using the Advanced Create Feature

In addition to the Quick Create feature, you can also generate private keys by selecting Advanced Create from the Value choice list. The Advanced Create feature lets you configure certain properties to generate stronger keys. You can configure these properties for client private keys that use SSH encryption:

Option: Key Type
Description: The type of SFTP key generated.

  • RSA: Key is generated using the RSA algorithm.

Option: Length
Description: The number of bits in the SFTP key (or key size).

  • 2048: 2048-bit key

  • 3072: 3072-bit key

  • 4096: 4096-bit key

When you generate a private key using the Advanced Create option, a corresponding public key is exported to UCM from where you can download it. Similar to Quick Create, you must provide a key password when you use Advanced Create to generate a private key.

Exporting and Deleting Keys

The Export and Delete option lets you securely export selected private or public keys that use SSH encryption. This lets you use the same key for different environments. When you export a key using this feature, the key is exported to UCM from where you download it. If the selected key is a private key, you must also provide the key password. No key password is required for exporting public keys.

You can also use this feature to delete SSH keys. However, you can’t delete a key that’s currently attached to a transmission configuration. When you delete a system-generated private key, its corresponding public key is also deleted. You must also provide the key password when deleting a private key. You don’t need a password to delete a public key.

The Export and Delete feature works for both application-generated keys and imported keys.