You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Information

Files of Indeed Software TOTP Provider reside in: indeed EA\Indeed Providers\Indeed Software TOTP Provider\<Version number>\

  • Indeed Software TOTP Provider.msi is the installation package of Indeed Software TOTP Provider
  • /Misc folder contains policy templates.

Files for Indeed Bsp Broker reside in: indeed AM\Indeed Providers\Indeed Bsp Broker\<Version number>\


About the Indeed Software TOTP Provider component

Software TOTP Provider provides for two-factor authentication based on software methods. An authenticator is a one-time password that is to be provided by user in addition to username and password in order to access the application in question.

The one-time password is generated autonomously on the user mobile device (cell phone, smartphone, tablet PC) with special application. The password generation is based on two parameters: private key, which is defined at the authenticator registration stage, and current time.

The authentication technology is based on the system, where only one correct one-time password is possible for the defined private key at any given moment of time. Therefore, having the private key, the server can verify the one-time password provided by user. Consequently, the time on the mobile device and on the authentication server must coincide for the technology to function correctly. However, discrepancy is permissible. Its value is defined by the administrator.

Installation

  1. Install the Indeed Software TOTP Provider by running Indeed Software TOTP Provider.msi installer.
  2. After the installation is complete, system restart might be necessary. If the installation wizard prompts to restart the system - confirm this action.
  3. The product removal/ restoring is carried out using the standard procedure for the supported operating systems, via Control panel menu.

Configuring the authentication parameters

Information

It is necessary to add the Indeed-Id policy templates into the administration template list before starting to configure group policies. Policy template files are included into the installation package and can be found in the Misc folder.

Note

Policy configuration is necessary to enhance security. However, Indeed Software TOTP Provider can function properly with default policies’ values.

  • One-time password validity period

The policy defines the minimum validity period of one-time password during enrollment. The period is defined by integer from 3 to 18, where 3 corresponds to time interval of 30 seconds (+/- 15 seconds). The policy has to be defined at the system clients, where authenticator enrollment is carried out. In other words, these are user workstations. If the policy is not defined, the default value of 6 is used.

  • Minimum PIN code length

The policy makes it possible to define the minimum number of characters that PIN code must consist of. The permissible range is from 4 to 25 characters.

  • Naming format

Information: The policy applies to servers with EMC console installed. If the policy is not applied, then username is used as the name of OTP account.

The policy allows you to set the user parameter to be used as OTP account name, which, in turn, is transmitted in QR code. Allowed parameters: CanonicalName, PrincipalName, SamCompatibleName, DistiguishedName.

  • No labels