- Products
- Solutions
- Authenticators
- SaaS
- Compliance
- Services
- Resources
OATH Hardware TOTP Tokens for Office 365 & Azure AD
If your organisation is using Office 365 cloud service and/or Azure ID (Entra ID) enabled with multi-factor authentication (MFA), and your users do not want to use or cannot use the mobile apps (such as the Microsoft Authenticator app) or SMS code, then you can use OATH TOTP hardware token as the alternative authentication device.
Deepnet SafeID hardware tokens are officially recommended by Microsoft for the Azure ID (Entra ID) customers and Office 365 users. Millions of users world-wide are using Deepnet SafeID hardware tokens as a multi-factor authentication device.
There are 2 types of OATH hardware tokens, pre-programmed and programmable tokens, and there are 2 types of Azure AD/Entra ID licenses, premium and basic. You have to select the right type of hardware token according to the type of Azure AD/Entra ID license that you have. For technical information in details on how SafeID hardware tokens work with Azure ID/Entra ID and Office 365, click here for details.
Entra ID/Azure AD Premium (P1 & P2)
If you have Entra ID/Azure AD Premium (P1 or P2) license with your Office 365 subscription (if you are not sure, then click here to find out) , then you can use one of the pre-programmed SafeID hardware tokens below. With the pre-programmed token, you can quickly enroll and deploy tokens to your entire user base without involving your users at all.
How it works
Every one-time password (OTP) token generates different and unique numbers, that is because every token is programmed with a unique piece of code called secret or seed. Pre-programmed tokens are programmed at factory, and cannot be re-programmed. Pre-programmed tokens come with a token file that contains the secrets of all of tokens. The customer's system administrator will upload the tokken file onto their service account, such as Azure AD account, and assign tokens to their users. Once a token is assigned to a user, it is ready to be used by the user without further actions.
SafeID/Classic
SafeID/Classic has a long history in the OTP token industry. It is very popular, reliable and robust. Its classic & elegant design will never go out fashion. SafeID/Classic is OATH/TOTP compliant.
Technical SpecificationCompare ➽
SafeID/Enterprise
SafeID/Enterprise is a newly designed OTP token that aims to be the all-round best OTP token. It is small, lightweight, portable and rugged. SafeID/Enterprise is OATH/TOTP compliant.
Compare ➽
SafeID/Mini
Measured at only 44 x 19 x 6.5 mm, SafeID/Mini is one of the smallest one-time password tokens in the world. It is time-based, OATH/TOTP compliant.
(touch button on the back)
Technical Specification
Compare ➽
SafeID/Anytime
SafeID/Anytime is a button-less OTP token that displays one-time password on the screen at all times. It is time-based, OATH/TOTP compliant.
(no button, always on)
Technical Specification
Compare ➽
SafeID/Classic Card
SafeID/Classic card is a time-based, OATH/TOTP compliant one-time password card. It is in the same size as a credit card, therefore can be safely kept in a wallet or a pocket.
Technical Specification
Compare ➽
SafeID/Audio
Designed for vision impaired people, SafeID/Audio speaks out the one-time password as it is displayed on the LCD screen. It is time-based, OATH/TOTP compliant.
Technical Specification
Compare ➽
Entra ID/Azure AD Basic (Free)
If you do not have Entra ID/Azure AD Premium license, then your users can use the programmable hardware tokens below to replace the Microsoft Authenticator app.
How it Works
Every one-time password (OTP) token generates different and unique numbers, that is because every token contains a unique piece of code called secret or seed. Azure MFA for Office 365 generates the user’s secret and provides it as a QR code. Using a programming tool, the user’s secret can be programmed into a programmable hardware token by scanning the QR code. This process is exactly the same as that the user’s secret is installed into the Microsoft Authenticator or Google Authenticator app.
You can program hardware tokens using a Windows PC or laptop with a NFC Smart Card Reader, Android phone with NFC function, or iPhone with NFC function. Once a hardware token is programmed, it works on its own. It doesn't connect to your phone or the internet in order to generate one-time passwords.
SafeID/Pro
SafeID/Pro is a programmable OATH/TOTP compliant security token. It is small, lightweight, portable and rugged. It is newly designed to be the all-round best OTP key fob token.
Compare ➽
SafeID/Diamond
SafeID/Diamond is a programmable OTP token that can be used to replace soft token such as Microsoft Authenticator or Google Authenticator. It is time-based, OATH/TOTP compliant.
Technical Specification
Compare ➽
SafeID/PinPad (Pro)
SafeID/PinPad (Pro) is a multi-profile TOTP token that can be programmed to support up to 10 accounts. The device can also be optionally protected by a user PIN.
Technical SpecificationCompare ➽
SafeID/QR
SafeID/QR displays the OTP code as a number as well as a QR code on its LCD screen. It can be directly programmed via USB connection. SafeID/QR hosts one account only per device.
Technical SpecificationCompare ➽
SafeID/QR (Pro)
SafeID/QR (Pro) can host 100 accounts in the device. It can be directly programmed via USB connection. It displays OTP codes as a numbers as well as QR codes on its LCD screen.
Technical SpecificationCompare ➽
SafeID/Diamond Card
SafeID/Diamond card is a programmable TOTP token, like the other SafeID tokens. It is in the same size of a credit card, making it very portable.
Technical Specification
Compare ➽
SafeID/Diamond Card (Mini)
SafeID/Diamond Card (Mini) is the mini version of the SafeID/Diamond Card. It is about 2/3 of the size of a credit card (but slightly thicker).
Technical Specification
Compare ➽