- Created by Vladislav Fomichev on Dec 07, 2021
Files of Indeed Software OTP Provider reside in: indeed AM\Indeed AM Providers\Indeed AM Software OTP Provider\<Version number>\
- IndeedAM Software OTP Provider.msi is the installation package of Indeed Software TOTP Provider
- /Misc folder contains policy templates.
Files for Indeed Bsp Broker reside in: indeed AM\Indeed Providers\Indeed Bsp Broker\<Version number>\
- IndeedAM.AuthProviders.BspBroker.x64.msi is the installation package of Indeed Bsp Broker.
About the Indeed Software OTP Provider component
Software OTP Provider provides for two-factor authentication based on software methods. An authenticator is a one-time password that is to be provided by user in addition to username and password in order to access the application in question.
The one-time password is generated autonomously on the user mobile device (cell phone, smartphone, tablet PC) with special application. The password generation is based on two parameters: private key, which is defined at the authenticator registration stage, and current time.
The authentication technology is based on the system, where only one correct one-time password is possible for the defined private key at any given moment of time. Therefore, having the private key, the server can verify the one-time password provided by user. Consequently, the time on the mobile device and on the authentication server must coincide for the technology to function correctly. However, discrepancy is permissible. Its value is defined by the administrator.
Installation
- Install the Software OTP Provider by running IndeedAM Software OTP Provider.msi installer.
- After the installation is complete, system restart might be necessary. If the installation wizard prompts to restart the system - confirm this action.
- The product removal/ restoring is carried out using the standard procedure for the supported operating systems, via Control panel menu.
Configuring the authentication parameters
It is necessary to add the Indeed AM policy templates into the administration template list before starting to configure group policies. Policy template files are included into the installation package and can be found in the Misc folder.
Policy configuration is necessary to enhance security. However, Indeed Software TOTP Provider can function properly with default policies’ values.
- One-time password validity period
The policy defines the minimum validity period of one-time password during enrollment. The period is defined by integer from 3 to 18, where 3 corresponds to time interval of 30 seconds (+/- 15 seconds). The policy has to be defined at the system clients, where authenticator enrollment is carried out. In other words, these are user workstations. If the policy is not defined, the default value of 6 is used.
- Minimum PIN code length
The policy makes it possible to define the minimum number of characters that PIN code must consist of. The permissible range is from 4 to 25 characters.
- Naming format
The policy applies to servers with Admin Console installed. If the policy is not applied, then username is used as the name of OTP account.
The policy allows you to set the user parameter to be used as OTP account name, which, in turn, is transmitted in QR code. Allowed parameters: CanonicalName, PrincipalName, SamCompatibleName, DistiguishedName.
- No labels