Secure Mobile Access 12.4 Deployment Guide

Table of Contents

Establishing an Authentication Realm

To authenticate your users, you must first define an authentication realm, which is the combination of an existing company directory and an authentication method.

To define an authentication realm

  1. From the main navigation menu, navigate to User Access > Realms.

  2. Click New Realm.

  3. Enter a realm name in the Name field. For example, Company XYZ.

  4. Optionally, enter a short description of the realm in the Description field.

  5. Click New next to the Authentication server drop-down menu.

  6. Select Microsoft Active Directory (Basic).

  7. Click Continue.

  8. Enter a name for the credential type in the Name field. For example, Company Directory.

    Resources sometimes require NTLM credentials to be forwarded to back-end Web servers; Outlook is often set up this way.

  9. In the Primary domain controller field, type the host name (assuming you’ve already configured DNS) or IP address for the authentication server.

  10. To perform Active Directory searches, the appliance must be able to log on to the authentication server.

    In the General section:

    1. In the Login name field, type the Active Directory login name.
    2. In the Password field, type the password that corresponds with the login name.

  11. Click the Test button to validate that the connection is properly configured and that the authentication server is accessible from the appliance.

  12. Expand the Advanced settings area.

  13. Scroll down to the Domain Authentication Forwarding area to specify how the domain name portion of the credentials will be forwarded. In this section, select either:

    • Forward a custom domain name, the default, and enter the domain name in either NILM or Kerberos style.
    • Forward the authentication server name as the domain name.

  14. In the One-Time Passwords section, select the Use one-time passwords with this authentication server checkbox to enable a one-time password. This is enabled by default. You can then choose to use either:

    • Time-Based One-Time Passwords (TOTP)
      1. Select Use the configured TOTP service.
      2. Select Use back-up codes, if you want to be able to use one-time use backup codes when one-time password generation issues occur.
    • Password sent by text message using SMS
      1. Select Use the configured service(s).
      2. Enter the length of the password in the Passwords contain field; the default is 8 characters.
      3. Select Send password via text message using SMS.
      4. Select from the Phone number masking drop down list how much of the user’s phone number will be displayed.
      5. In the Phone number attribute field, specify the type of device; the default is mobile.
      6. Enter the message to be sent to the user in the Message field; the default is Hi{username},Your one time password is:{password}.
      7. To test the message, enter a phone number in the Phone number field and click the Send test message button.
    • Password sent by email using SMTP
      1. Select Use the configured service(s).
      2. Enter the length of the password in the Passwords contain field; the default is 8 characters.
      3. Select Send password via email using SMTP.
      4. Select the type of acceptable characters, such as Alphabetic, Numeric from the characters drop-down menu.
      5. In the From address field, enter the email address from which email is sent to the user.
      6. Optionally, if the primary email address attribute exists on the authentication server, enter it in the Primary email address attribute field.
      7. Optionally, if the secondary email address attribute exists on the authentication server, enter it in the Secondary email address attribute field.
      8. Enter the subject for the email sent to the user in the Subject field; the default is One time password.
      9. Enter the message to be sent to the user in the Body field; the default is Hi {username}, Your one time password is: {password}.
      10. To test the message, enter an email address in the Email Address field and click the Send test message button.

  15. Click Save.

    You are returned to the Configure Realm page.

  16. From the Authentication server drop-down menu, select the authentication server you just configured (Company Directory).

  17. Click Finish

    This will create communities within the Company XYZ realm later in this process.