View Source

Files of Indeed AM SMS OTP Provider reside in: indeed AM\Indeed AM Providers\Indeed SMS OTP Provider\<Version number>\

IndeedAM.AuthProviders.SmsOTP-x64.msi is the installation package of Indeed SMS OTP Provider. IndeedID.SMSOTP.Password.Encryptor.exe is the utility for encryption of SMS gateway password.
/Misc - folder contains policy templates.

About the Indeed AM SMS OTP Provider component

Indeed AM SMS OTP Provider requires SMS gateway. This gateway should be accessible from every Indeed AM server where Indeed AM SMS OTP Provider is to be installed.

A user should have phone number defined in the "telephoneNumber” attribute to use the authenticator. Otherwise, the latter would not be available.

The authenticator does not require enrollment.

The Indeed AM SMS OTP Provider is intended for user authentication with one-time passwords sent to the user in question via e-mail.

A one-time password is a random combination of digits, special characters and Latin characters). A password is generated by Indeed AM server. The result is sent to E-mail delivery service. The latter sends it to the user in the form of e-mail message. Data transmission is performed via SMTP protocol (Simple Mail Transfer Protocol).

Installation

Install Indeed SMS OTP Provider by running IndeedAM.AuthProviders.SmsOTP-x64.msi installer.
After the installation is complete, system restart might be necessary. If the installation wizard prompts to restart the system - confirm this action.
The product removal/ restoring is carried out using the standard procedure for the supported operating systems, via Control panel menu.

Configuring the authentication parameters

It is necessary to add the Indeed AM policy templates into the administration template list before starting to configure group policies. Policy template files are included into the installation package and can be found in the Misc folder.

Configuring the phone number attribute

To change the default attribute, it is necessary to add some parameters to the server configuration file (C:\inetpub\wwwroot\easerver\Web.config).

Add "userMapRules" tag to "adUserCatalogProvider” tag. Add tag "adObjectMapRule" to "userMapRules” tag with the following parameters:

"attribute="Phone"" – defines the modified parameter.
“adAttribute="mobile"" - specifies the AD attribute to receive value from.

Add "objectTypeSettings” tag.
Add "objectSetting" tag with "category="person" class="user"” parameters.

<adUserCatalogProvider id="userId" serverName="ind.loc" containerPath="DC=ind,DC=loc" userName="userAdmin" password="Q1q2E3e4">
                <userMapRules>
                        <adObjectMapRule attribute="Phone" adAttribute="mobile"/>
                    <objectTypeSettings>
                        <objectSetting category="person" class="user"></objectSetting>
                    </objectTypeSettings>
                </userMapRules>
        </adUserCatalogProvider>

SMS delivery service

The policy applies to Indeed servers. It allows to configure the following settings to use with SMS server:

Use tls defines whether encryption is to be used or not.
URL(IP address) defines the address of server to connect to.
Port defines connection port to use.
SystemId (Username) - defines the account name to use for connection to server.
Password defines account password to use for connection to server.

The password can be defined either in explicit form, or in encrypted one. To encryption the password, use the IndeedAM.SMSOTP.Password.Encryptor.exe utility from the installation package of provider.

SystemType is the field for PDU operation BIND_TRANSCEIVER of SMPP protocol.
Sender defines the sender name to be displayed to the SMS message recipient.
Additional text before OTP defines the message text that precedes the OTP. By default, only OTP is sent. For advanced settings, use the following parameters:

<app> defines the name of application that sent the authentication request.
<requestLocalServerTime> defines the local server time of request receiving.
<requestComputerDns> defines the DNS of computer that sent the request.
<requestComputerIp> defines the IP of computer that sent the request.

OTP code display is not configurable. It is always displayed at the end of the message.

To provide for word wrap in the message, it is necessary to modify HKLM/SOFTWARE/Policies/Indeed-ID/BSPs/SMSOTP registry key. Change the older parameter "messageOTP" of "REG_SZ” type to "messageOTP" of "REG_MULTI_SZ” type. Indeed Access Manager 8.0 Documentation > Indeed AM SMS OTP Provider > image2019-8-13_16-14-55.png

SMS status timeout defines the timeout of receiving the status of the SMS from server.
PDU with SMS status defines the PDU that server send the status of the message sent in.
source_addr_ton defines Type of Number for the source address.
source_addr_npi defines Numbering Plan Indicator for the source address.
dest_addr_ton defines Type of Number for the destination.
dest_addr_npi defines the Numbering Plan Indicator for the destination.
esm_class defines the Message Mode & Message Type.
registered_delivery defines the indicator of request for SMSC or SME confirmation.
data_coding defines the encoding scheme for user data in the short message.

Configuring the message format

The policy makes it possible to define the settings of date display in the message. Format examples can be viewed here: https://docs.microsoft.com/dotnet/standard/base-types/standard-date-and-time-format-strings

Enabled

The date is displayed according to the format set in the policy. Indeed Access Manager 8.0 Documentation > Indeed AM SMS OTP Provider > image2019-8-13_16-10-17.png

One-time password generation settings

The policy applies to Indeed servers. It allows to configure one-time password length and usage of character groups for password generation.

Not Configured or Disabled

If the policy is not configured or disabled, a password generated would be 4 characters long and would contain digits only.

Enabled

The one-time password is generated according to the policy parameters. If the policy is not defined or is disabled, then the password can contain digits and lowercase Latin letters only, and would be 6 characters long. Indeed Access Manager 8.0 Documentation > Indeed AM SMS OTP Provider > image2019-8-13_16-11-46.png

Settings of concurrent connection to SMPP server

The policy applies to Indeed servers. It allows to configure the processing order for requests to SMPP server. The policy might be necessary in case the SMPP server does not support multiple simultaneous connections from a single user (account defined in the SMS delivery service policy).

Not Configured or Disabled

Connections to SMPP server and message sending requests are performed in parallel.

Enabled

Connections to SMPP server and message sending requests are performed in sequence.