- Created by Vladislav Fomichev, last modified on Aug 21, 2019
Files of Indeed AM HOTP Provider reside in: indeed AM\Indeed AM Providers\Indeed AM HOTP Provider\<Version number>\
- IndeedAM.AuthProviders.HOTP-x64.msi is the installation package of Indeed HOTP Provider.
- /Misc folder contains policy templates.
About the Indeed AM HOTP Provider component
The eToken PASS standalone one-time password generator can be used for authentication in any application or service that supports the RADIUS protocol: VPN, Microsoft ISA, Microsoft IIS, Outlook Web Access, etc. eToken PASS implements a one-time password (OTP) generation algorithm based on HMAC with the SHA-1 hash function. The OTP calculation takes two input parameters: a private key (the initial value for the generator) and the current value of the counter (the number of generation cycles required).
The initial value is stored both in the device itself and on the server in the Indeed system. The device counter is incremented with every OTP generation, and the server counter is incremented with every successful authentication with OTP.
Provider installation
- Install the Indeed HOTP Provider by running IndeedAM.AuthProviders.HOTP-x64.msi installer.
- After the installation is complete, a system restart might be necessary. If the installation wizard prompts you to restart the system, confirm this action.
- The product is removed or repaired using the standard procedure for the supported operating systems, via the Control Panel.
Device adding
A device can be registered for one user only.
To add a device, proceed as follows:
- Open the Admin Console management console.
- Switch to “Devices” tab.
- Click "Add device".
A device can also be added from a file with device parameters (“From file” tab) or via manual input of parameters (“Manual” tab).
- Adding a device from file.
- Click “Select file” at the “From file” tab.
Select an XML file with device parameters.
Example:
    <Tokens xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Token serial="000200071927">
        <CaseModel>5</CaseModel>
        <Model>109</Model>
        <ProductionDate>11/4/2008</ProductionDate>
        <ProductName>Aladdin OTPO v1.0</ProductName>
        <Applications>
          <Application ConnectorID="{a61c4073-2fc8-4170-99d1-9f5b70a2cec6}">
            <Seed>884f20ce4b2c406e0b6199338990bb6cc3fabac403eaa7f8</Seed>
            <MovingFactor>1</MovingFactor>
          </Application>
        </Applications>
      </Token>
    </Tokens>
- Click "Add".
- Adding a device manually.
- Select the “Manual” tab.
- Specify the device serial number in the “Serial number” field.
- Specify the private key generated by the device in the “Private key” field.
- The “Comment” field is optional. Click “Add”.
Modifying a device.
To edit a device, proceed as follows:
- Open the Admin Console management console.
- Switch to “Devices” tab.
- Select “Hardware OTP” in the “Authentication provider” field. Specify the device serial number (if available) in the “Serial number” field and search for the device.
- Select the found device and click the edit icon.
- In the edit window, you can change the device serial number or its comment, or deactivate the device. To save the changes, click Save.
Device removal.
To remove a device, proceed as follows:
- Open the Admin Console management console.
- Switch to “Devices” tab.
- Select “Hardware OTP” in the “Authentication provider” field. Specify the device serial number (if available) in the “Serial number” field and search for the device.
- Select the found device and click “Delete devices”.
- Confirm removal in the popup window that appears.
Device synchronization.
To synchronize a device, proceed as follows:
- Open the Admin Console management console.
- Open the card of the user with the registered device.
- Click “Device settings” and select the “Sync” item.
- Enter two one-time passwords from the device in the “One-time password 1” and “One-time password 2” fields respectively and click “Sync”.
- After synchronization completes successfully, you are returned to the user page.
“Settings of synchronization and one-time password verification” policy
This policy defines the counter value range used for synchronization and for one-time password verification. Default values:
- “Sync interval” - 1000
- “One-time password verification interval” - 50
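The counter behaviour and the two policy intervals described above, as an added example (not code from Indeed AM or eToken PASS). It assumes the device follows RFC 4226 HOTP with 6-digit codes and that the server searches forward from its stored counter; the function names, the exact window semantics and the RFC 4226 test key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Defaults taken from the policy on this page; how the product applies them is assumed.
VERIFY_WINDOW = 50    # "One-time password verification interval"
SYNC_WINDOW = 1000    # "Sync interval"

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _eq(a: str, b: str) -> bool:
    """Constant-time comparison of two OTP strings."""
    return hmac.compare_digest(a.encode(), b.encode())

def verify(key: bytes, server_counter: int, otp: str, window: int = VERIFY_WINDOW):
    """Return the new server counter on success, None on failure (counter unchanged)."""
    for c in range(server_counter, server_counter + window):
        if _eq(hotp(key, c), otp):
            return c + 1  # the server counter moves only on successful authentication
    return None

def resync(key: bytes, server_counter: int, otp1: str, otp2: str, window: int = SYNC_WINDOW):
    """Search the wider sync range for two consecutive OTPs; return the new counter or None."""
    for c in range(server_counter, server_counter + window):
        if _eq(hotp(key, c), otp1) and _eq(hotp(key, c + 1), otp2):
            return c + 2
    return None

# Constructed sample input: the RFC 4226 Appendix D test key, not a real device seed.
KEY = b"12345678901234567890"

if __name__ == "__main__":
    # Device button pressed three times without logging in: still inside the window.
    print("verify counter 3 ->", verify(KEY, 0, hotp(KEY, 3)))
    # Device drifted past a small window: verification fails, two-code sync recovers.
    print("verify with window 5 ->", verify(KEY, 0, hotp(KEY, 9), window=5))
    print("resync ->", resync(KEY, 0, hotp(KEY, 8), hotp(KEY, 9)))
```

Each extra counter value accepted during verification is one more code a blind guess can hit, so with 6-digit codes a window of 50 gives a single guess roughly a 50 in 1,000,000 chance. Synchronization can afford the wider range because it requires two consecutive codes to match.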