Adding or Editing a Domain with Local User Authentication

To add or edit a domain for local database authentication

1. Navigate to the Portals > Domains window and click Add Domain or the Configure icon for the domain to edit. The Add Domain or Edit Domain window is displayed.

   

2. If adding the domain, select Local User Database from the Authentication Type drop-down menu.
3. If adding the domain, enter a descriptive name for the authentication domain in the Domain Name field (maximum 24 characters). This is the domain name users select to log in to the Secure Mobile Access portal.
4. Select the name of the layout in the Portal Name field. Additional layouts can be defined in the Portals > Portals page.

5. All newly created domains in the local database user type should be set with a default password expiration value, as well as the “show expiration warning days” option set to 15. You can manually change it upon creation. Optionally, force all users in the Local User Database to change their password at set intervals or the next time they login. To force users to change their password at set intervals, type the expiration interval in the Passwords expire in x days field. To force users to change their password the next time they log in, check Require password change on next logon.

   If the domain is set with concrete password expiration days, you should also set the user expiration to 0. That means using the domain expiration setting. The domain setting detection is automatic after submitting the “adding user” request. Also, you can manually change it on creation.

   The default password expiration value is two years (730 days).

   On upgrade, the existing values for password expiration should remains same.

6. If you set a password expiration interval, type the number of days before expiration that users should receive notifications in the Show warning x days before password expiration field.

   When configured and a password is expiring, a notification is displayed on the user’s Virtual Office page or the Administrator’s management console identifying the number of days before their password expires. Notifications also include a link to a screen where the password can be changed.

7. Optionally add the number of unique new passwords that is associated with a user account before an old password can be re-used for the account in the Enforce password history, x passwords remembered field. The value specified must be between 0 and 10 passwords.
8. Optionally Enforce password minimum length by entering a value between 1 and 14 characters. This is the minimum amount of characters accepted for a user password.

9. Optionally select Enforce password complexity. When this option is enforced, at least three of the four following parameters must be met when setting a password:

   > English uppercase characters (A through Z)

   > English lowercase characters (a through z)

   > Base 10 digits (0 through 9)

   > Non-alphabetic characters (for example, !, $, #, %)

10. Optionally select Allow password changes. This allows users to change their own passwords after their account is set up.
11. Optionally select Require password change on next login. This requires users to change their passwords during their next login.

12. Optionally select Enable client certificate enforcement to require the use of client certificates for login. By checking this box, you require the client to present a client certificate for strong mutual authentication. Two additional fields appear:

    • > Verify username matches Common Name (CN) of client certificate – Select this check box to require that the user’s account name match their client certificate.

    • > Verify partial DN in subject – Use the following variables to configure a partial DN that matches the client certificate:

      • Username: %USERNAME%
      • Domain name: %USERDOMAIN%
      • Active Directory username: %ADUSERNAME%
      • Wildcard: %WILDCARD%

13. Optionally select One-time passwords to enable the one-time password feature. A drop-down menu appears, in which you can select User discretion, Use E-mail, and Use Mobile App.

    These are defined as:

    • > User discretion – Users in this domain can edit one-time password settings from the Portals > Domains > Add Domain page.
    • > Use E-mail – Optionally select Use E-mail to enable this one-time password method. The Email domain: window appears, in which you can enter an email address to send the one-time password.
    • > Use Mobile App – Optionally select Use Mobile App to enable this one-time password method to force users to use a one-time password. Users can use Google Authenticator, Duo Mobile, or any other compliant two-factor authentication service.
14. If Enable Always on VPN is enabled, users have uninterrupted access to the network.

15. Optionally select Enable Always on VPN to enable the Always on VPN feature. A drop-down menu appears, in which you can select from the following:

    > Allow user to disconnect and enter a domain in the E-mail domain: window.

    > Allow accessing network if VPN fail to connect.

    > Don’t connect VPN in Trusted Network.

16. Select one of the following options from the Require Device Register drop-down menu:

    > Select Use Global Setting to apply the global setting to this domain.

    > Select Enable this feature, no matter what is selected for the global setting.

    > Select Disable this feature, no matter what is selected for the global setting.

17. Click Accept to update the configuration. After the domain has been added, the domain is added to the table on the Portals > Domains page.