Page Comparison

The authentication method configuration is done using Ubisecure SSO Management or the LDIF import files provided by Ubisecure SSO installation.

...

• Set title:
  CustomerID Password
• Name:
  password.2
• Select method type:
  SPI Password

• Set directory to:
  CustomerID Directory


  


• By default user logs in using the login attribute (which is uid in Ubisecure Directory and sAMAccountName in Active Directory). If you want the user to login using email address, you must add directory.account.login=mail to the configuration string. You must also add general.login.attribute=mail to eidm2.properties. Create eidm2.properties text file under %PROGRAMFILES%\Ubisecure\customerid\application\custom


• Set the optional policy.password.expiring configuration string to show a warning to users during login of a pending password expiry. The value is number of minutes. 10080 is one week. This number should be increased accordingly if users rarely use the system.
• Select Enabled
• Press Update

...

• Set title. Title will be shown in the user interface during login.
SMS
• Name:
ubikey.sms.1
• Select method type:
SPI Mobile Phone

• Set directory to:
CustomerID Directory


  


  Figure 4. SMS method

• By default user logs in using the login attribute (which is uid in Ubisecure Directory and sAMAccountName in Active Directory). If you want user to login using email address, you must add directory.account.login=mail to the configuration string. You must also add general.login.attribute=mail to eidm2.properties. Create eidm2.properties text file under %PROGRAMFILES%\Ubisecure\customerid\application\custom
• You need to define the password-name configuration string. It should contain the name of the used password method (usually password.2).
Image Added

• You need to define the smsUrl configuration string. It should contain the URL of the SMS server.

  Figure 5, SMS URL

• If Active Directory is used as the main user repository for Ubisecure CustomerID then you need to define the methodUserGroupDN configuration string. It points to the AD group which defines those users that are allowed to use SMS authentication. The relative name of the correct group is ActiveSMSUser. The whole DN is installation specific. Typically Active Directory is not used as the main user repository for Ubisecure CustomerID.
• Select Enabled
• Press Update

...

• Set title: Title will be shown in the user interface during login.
One Time Password
• Set name:
ubikey.otp.1
• Select method type:
SPI Ubikey OTP Printout

• Set directory to:
CustomerID Directory


  



• By default users log in using the login attribute (which is uid in Ubisecure Directory and sAMAccountName in Active Directory). If you want users to login using their email addresses, you must add directory.account.login=mail to the configuration string. You must also add general.login.attribute=mail to eidm2.properties. Create eidm2.properties text file under %PROGRAMFILES%\Ubisecure\customerid\application\custom
• You need to define the password-name configuration string. It should contain the name of the used password method (usually password.2).
Image Added

• If Active Directory is used as the main user repository then you need to define the userCredentialsTableDN configuration string. It defines the name of the OTP table object in Ubisecure Directory. OTP Printout authentication method information is stored in Ubisecure Directory for all Active Directory users who use the OTP Printout method and that information will be stored under the OTP table. Typically Active Directory is not used as the main user repository for Ubisecure CustomerID.

  Figure 6, OTP Printout Method, configuration string parameters will be shown after next part

...