If your users are authenticating using one of the Directory Authenticators (Active Directory or one of the LDAP type authenticators), you can configure Cloud Access Manager to use a second factor of authentication in addition to a password. The secondary authentication methods available are:
The configuration options for these methods are described in the following sections.
Complete the RADIUS Connection Settings to allow Cloud Access Manager to connect to an authentication service using the Remote Authentication Dial-In User Service (RADIUS) protocol. Please refer to the table below for a detailed explanation of each feature.
Field | Functionality |
---|---|
Hostname/IP Address (including port) |
Enter the fully-qualified domain name or the IP address of your authentication service host and the UDP port number on which the authentication service is listening. The IANA-registered port number for RADIUS is 1812. For example radius.example.com:1812 |
Shared Secret |
Enter the password or passphrase used to encrypt sensitive information in the RADIUS traffic sent to the authentication service. The authentication service must be configured with the same shared secret. |
Challenge/Response Server |
Many RADIUS authentication services are capable of maintaining an authentication session with multiple requests and responses. This allows challenge-response authentication tokens to be used, as well as other features like password expiry and token time window resynchronization. If your authentication service supports challenge/response mode, then select the Challenge/Response Server box. |
Attribute to use for RADIUS username |
Enter the name of the Active Directory attribute whose value is to be relayed to the RADIUS authentication service to identify the user. The default, sAMAccountName, contains the login username. |
Test Connection |
To determine whether Cloud Access Manager has connectivity to the RADIUS authentication service. |
The configuration procedure is similar whether you are using smart card as a primary or secondary factor authentication method. The following steps describe how to configure Cloud Access Manager for smart card authentication:
For detailed instructions on smart card configuration, please refer to Configuring smart card authentication.
Starling 2FA is a cloud based authentication service that allows users to self-register and then access their one time passwords on both mobile and desktop devices. For further information on accessing Starling 2FA and using Cloud Access Manager to authenticate Starling 2FA users, please refer to Configuring each application.
When you have obtained a Starling 2FA subscription, you must complete the following fields to allow Cloud Access Manager to connect to the service:
Field | Functionality |
---|---|
Starling 2FA subscription key |
Enter the subscription key that was supplied when you registered for Starling 2FA. You can also obtain this key from the dashboard of your Starling 2FA instance administration portal. |
Attribute to use for mobile phone number |
Enter the name of the attribute from the primary directory (Active Directory / LDAP) whose value is to be relayed to the Starling 2FA authentication service to identify the user. The default attribute is mobile, this usually contains the user's mobile telephone number. |
Default country code for phone numbers |
Select the country for which mobile telephone numbers can be specified without the country code prefix. If you have telephone numbers in your directory that are not in the default region they must begin with a plus sign followed by the numeric region code. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center