...

  1. Configure the SAML or OIDC identity provider linked to the first factor method to return the end user’s email address and/or mobile phone number.

    1. An email address is required for the Unregistered SMTP method.

    2. A mobile phone number is required for the Unregistered SMS method.

  2. Create an attribute mapping so that the attribute names are exactly as specified below. The Unregistered SMTP and SMS methods expect these names for unregistered multi-factor authentication to work. If the identity provider already returns the attributes with the expected names, attribute mapping is not necessary.

    # Create new Attribute Mapping with name "attributemapping" and link it to methods
    PUT /inboundPolicy/attributemapping
    PUT /inboundPolicy/attributemapping/$link/method/unregistered.smtp
    PUT /inboundPolicy/attributemapping/$link/method/unregistered.sms
    1. The attribute name must be phone_number for the mobile phone number.

      # Rename method attribute "mobile" as "phone_number"
      POST /inboundPolicy/attributemapping
      type=inboundPolicyItem&attributename=phone_number&attributevalue=mobile%7Bmobile%7D
    2. The attribute name must be email for the email address.

      # Rename method attribute "mail" as "email"
      POST /inboundPolicy/attributemapping
      type=inboundPolicyItem&attributename=email&attributevalue=mail%7Bmail%7D
  3. Set the configuration string mfa true for the second factor method.

    # Note that you must also send the existing configuration parameters, otherwise
    # they are overwritten. In the request below, "configuration=..." stands for them.
    PUT /method/unregistered.smtp
    configuration=mfa%20true&configuration=...
  4. Link the second factor method as the next factor method for the first factor method.

    PUT /method/oidc.1/$link/nextFactor/method/unregistered.smtp
    1. This link cannot be set with the Management UI.

  5. Link the second factor method to the application site and set it as an allowed method for the application.

    PUT /site/demosite/$link/method/unregistered.smtp
    
    PUT /application/demosite/demoapp/$link/method/unregistered.smtp
    enabled=true
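
An added example, not part of the original page or the product's own code: a Python helper that lists the requests from steps 2 to 5 in order and builds the step 3 body so the existing configuration strings are sent along with mfa true instead of being overwritten. The function names and the sample setting are assumptions; how the current configuration strings are read is not covered on this page, so the caller supplies them.

```python
from urllib.parse import quote, urlencode

# Attribute-mapping bodies copied verbatim from step 2 of the page.
MAPPING_BODY = {
    "unregistered.smtp":
        "type=inboundPolicyItem&attributename=email&attributevalue=mail%7Bmail%7D",
    "unregistered.sms":
        "type=inboundPolicyItem&attributename=phone_number"
        "&attributevalue=mobile%7Bmobile%7D",
}


def configuration_body(existing, name="mfa", value="true"):
    """Form body for step 3 that keeps every existing configuration string.

    Assumption: each string has the form "<name> <value>", like "mfa true",
    so an older entry for the same name is replaced rather than duplicated.
    """
    kept = [s for s in existing if s.split(" ", 1)[0] != name]
    pairs = [("configuration", s) for s in kept + [f"{name} {value}"]]
    return urlencode(pairs, quote_via=quote)  # encodes the space as %20


def request_plan(first_factor, second_factor, site, app, existing_config):
    """Ordered (verb, path, body) tuples for steps 2 to 5 of the procedure."""
    policy = "/inboundPolicy/attributemapping"
    method = f"/method/{second_factor}"
    return [
        ("PUT", policy, ""),                                  # step 2: create mapping
        ("PUT", f"{policy}/$link{method}", ""),               # step 2: link to method
        ("POST", policy, MAPPING_BODY[second_factor]),        # step 2: rename attribute
        ("PUT", method, configuration_body(existing_config)), # step 3: mfa true
        ("PUT", f"/method/{first_factor}/$link/nextFactor{method}", ""),  # step 4
        ("PUT", f"/site/{site}/$link{method}", ""),                       # step 5
        ("PUT", f"/application/{site}/{app}/$link{method}", "enabled=true"),
    ]


if __name__ == "__main__":
    # Constructed placeholder standing in for the method's current settings.
    current = ["placeholder.setting 1"]
    for verb, path, body in request_plan("oidc.1", "unregistered.smtp",
                                         "demosite", "demoapp", current):
        print(verb, path, body)
```

Printing the plan before sending anything makes it easy to confirm that the step 3 body still carries every setting the method had before the change.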

...