How logon credentials are created and delivered

For a description of the roles used in this section, see E-Invoice Center roles.

Figure 2

Process for acquiring logon credentials

1	The Developer adds the enrolment form and signed Appointment Letter to the OpenText Support case. A confirmation email is sent from OpenText Support to the Developer and to TrustWeaver.

2	OpenText Support delivers the enrolment form and Appointment Letter to TrustWeaver in order to acquire the logon credentials.

3	TrustWeaver creates logon credentials and control codes for the test and production services. The control codes are required to download the logon credentials.

4	TrustWeaver sends the emails below to the Appointee. Each email contains a link to a web page, via which the logon credentials can be downloaded. On the web page, an email code is defined. The email code, directly followed by the control code, make up the logon credentials password.

–	Test service logon credentials

–	Production service logon credentials

5	TrustWeaver sends the control codes for the test and production services in an SMS to OpenText Support.

6	The support case at the OpenText Support web page is automatically updated with the two control codes. The updated email from step 5, with the control codes, is sent to the Developer.

7

The Appointee extends the responsibility for the logon credentials by distributing the web page links from the emails in step 4 to the Developer. The Appointee is responsible for distributing the web page links in a secure manner. For example, the Appointee must not send the web links to the same email address (inbox) as the control codes in step 6.

The Developer now has access to the links to web pages to download the logon credentials, and the corresponding control codes for authenticating the download operations.

8

After the E-Invoice Center implementation is finished, the Developer must distribute the control codes to the Appointee. The Developer is responsible for distributing the control codes in a secure manner. For example, the Developer must not send the control codes to the same email address (inbox) as the web page links in step 4.

The Developer must then destroy any copies of email codes, control codes, web links, and logon credentials.

The Appointee must store email codes, control codes, web links, and logon credentials securely, for example in a safe or in different places.