XENTRY Flash *MFA required
XENTRY Diagnosis has become even more secure!
For commissioning, programming and coding of ECUs (XENTRY Flash) an additional, second authentication is mandatory for each user. This process is similar to a TAN authentication as requiered for online banking.
For authentication, you need one of the following two factors:
Smartphone authenticator app (e.g. PingID, Microsoft Authenticator)
OR
USB security key
You can use any key of your choice, as long as it supports the FIDO2 standard.
Available from specialist electronics retailers or directly from the manufacturer.
We recommend that you set up both options right away. If you lose one of the authentication factors, you will remain able to work with the second one!
To assist you in setting up the factors, we provide you a compact HelpCard for download.
Download
— HelpCard (PDF)
Reset of the second factor
If you are no longer able to authenticate, you have several options:
1) If you have lost/forgotten your smartphone, but you have set up another second factor (USB security key), you can use that one.
2) If you don't have an alternative second factor set up, contact your org admin. The org admin can reset the second factor for you so that you can create a new one. If you don't know your Org admin, you can check it via Alice under your profile data. To do this, click on "Administrators".
Instructions for org admins on how to reset the second factor (PDF).
Multiple uses for your workshop
Whether for flashing, SCN/CVN coding or entering equipment codes: XENTRY Flash can be used with Mercedes-Benz Cars (including smart*, Maybach and SLR) as well as with Mercedes-Benz Vans.
Conveniently, all processes are fully integrated within the diagnostics software (XENTRY Diagnosis, XENTRY DAS) requiring fewer manual intervention from your mechanics.
* except smart model #1
Automatic SCN coding and VeDoc reverse documentation
After the programming of the control unit, the SCN coding (if permitted by the control unit) as well as the reverse documentation run automatically in the VeDoc Vehicle Documentation System. Any changes made to the vehicle or the control unit software are updated on the VeDoc vehicle data card.
Single sign-on for convenient working (Single-Sign-On)
Once you are logged into one of our workshop applications (e.g. XENTRY Flash, WIS etc.), no further sign-on to the central online systems is required, resulting in smooth workflows in your workshop.
Diagnosis User Rights
New diagnosis user rights as of 06/2020
With the introduction of the E-Class facelift and the new S-Class, a new security concept is being introduced, which will also have significant effects on the XENTRY Diagnosis software.
As of the 06/2020 data release, a prompt to enter a personalized user name and password will appear when accessing the new E-Class and S-Class. It is not possible to diagnose these vehicles without entering this information. This means that these vehicles can no longer be repaired/diagnosed without diagnosis access authorization. Every user must go through an identification process in order to acquire the corresponding user rights for the facelift of the E-Class and subsequent models. Please note that it is no longer possible to diagnose these model series with a XENTRY Diagnosis Kit 2. You will need a XENTRY Diagnosis Kit 3 at least.
A distinction is made between two types of user rights:
• XENTRY Standard Diagnosis (for diagnosis users without XENTRY Flash authorization, e.g. for reading and erasing fault memories)
• XENTRY Flash user (corresponds to the current XENTRY Flash user)
Please use one of the following options:
1. XENTRY Flash authorization:
Both XENTRY Flash-roles (Standard-Flash role and Extended Flash role for alle CeBAS vehicles) can be applied via UMAS.
Each user must independently carry out a one-time identification via UMAS to get the Flash roles.
2. XENTRY Standard Diagnosis rights:
Every diagnosis user must independently request the Standard Diagnosis rights via https://umas.mercedes-benz.com/umas and run through the one-off identification process. It may also be necessary for the market-specific ISP support to create the user in GEMS if they do not yet have a user ID.
What is certificate-based diagnosis and why was it introduced?
The vehicle is developing ever gradually into a "mobile computer". This in turn makes the vehicle the target object for hacker attacks and misuse. The number of news items in the press has grown massively. UNECE regulations will, in future, require protection of the vehicles. Mercedes-Benz is also introducing corresponding security measures.
To help protect against any unauthorized diagnosis access, the new Mercedes-Benz vehicle software architecture is now available with user-related security certificates.
Which vehicles are affected?
Certificate-based diagnosis was introduced in E-Class facelift vehicles (model series W213 facelift) with individual control units. The S-Class W223 saw the full introduction.
In future, all new model series and facelifts will be equipped with certificate-based diagnosis.
What changes have been made to the diagnosis?
In future, to enable diagnosis to be performed, you will require a certificate provided by the manufacturer. At the start of a diagnosis session, this certificate is exchanged between the tester and the vehicle. This process is filed in the tester application and it runs in the background.
Where can a certificate be obtained? What is the registration process like?
You are an independent workshop:
If you own a XENTRY Diagnosis Kit 3 or 4, the certificates are provided by Mercedes-Benz AG.
If you own a diagnosis tool from an independent manufacturer, the certificates are provided by the tool manufacturer, if it has concluded a corresponding agreement regarding the use of data with Mercedes-Benz AG.
You are a technical inspection agency or an official bureau:
Please get in touch with us using pti-support@daimler.com.
Which costs will be incurred by a customer?
The certificates are made available by Mercedes-Benz AG to all customers free of charge.
Which data are required? (Personal reference/identification etc)
This is dependent on the level of access involved.
Read access authorizations are bound to an organization and they must be issued for an organization/service operation
Write access authorizations are personalized and require previous personal authentication - either at Mercedes-Benz AG or at the independent tool manufacturer.
What can still be read out and is still available without restriction through OBD? Which functions can I no longer perform without a certificate?
OBD-II functions (SAE J1979) are still available without any restrictions.
For all further functions, diagnosis certificates are required that are either bound to an organization or to a person, depending on the level of access authorization involved.
Multi-factor authentication: your security advantage for all XENTRY applications.
When using XENTRY applications, you benefit from multi-factor authentication (MFA), which will be mandatory from April 1, 2025. This allows us to protect your data and ours even more effectively against unauthorized access.
To access a XENTRY application, you will need:
Username and password
Authentication app (smartphone or Windows desktop) or USB security key
Further information and the option to set up MFA can be found in our MFA Guide.
XENTRY Flash Support
You can select the appropriate category under “Need help?”. If you cannot find a suitable answer in the FAQs, open a ticket at the bottom of the page.
