- Created by Vladislav Fomichev, last modified on Sep 28, 2020
Files of Indeed AM SMS OTP Provider reside in: indeed AM\Indeed AM Providers\Indeed SMS OTP Provider\<Version number>\
- IndeedAM.AuthProviders.StorageSmsOTP-x64.msi is the installation package of Indeed SMS OTP Provider.
- IndeedID.SMSOTP.Password.Encryptor.exe is the utility for encryption of SMS gateway password.
- /Misc - folder contains policy templates.
Indeed AM Storage SMS OTP Provider
This provider is provided only in the scenario with the Indeed AM Radius Extension component.
If you want to keep the Indeed AM data in the SQL database, you can use the Indeed AM Storage SMS OTP Provider. This provider will allow you to store, receive, and update the Indeed AM users' phone numbers in the SQL database. Phone numbers are stored in encrypted form.
Indeed AM Storage SMS OTP Provider requires SMS gateway. This gateway should be accessible from every Indeed AM server where Indeed AM SMS OTP Provider is to be installed.
The authenticator require enrollment.
Installation
- Install Indeed SMS OTP Provider by running IndeedAM.AuthProviders.SmsOTP-x64.msi installer.
- After the installation is complete, system restart might be necessary. If the installation wizard prompts to restart the system - confirm this action.
- The product removal/ restoring is carried out using the standard procedure for the supported operating systems, via Control panel menu.
Provider registration
You can use the lightweight version of the Indeed AM EAPhoneServer API to register providers. This solution was specially designed for the Storage SMS OTP Provider. Alternatively, you can use the main API of the Indeed system.
Configuring the authentication parameters
It is necessary to add the Indeed AM policy templates into the administration template list before starting to configure group policies. Policy template files are included into the installation package and can be found in the Misc folder.
SMS delivery service
The policy applies to Indeed servers. It allows to configure the following settings to use with SMS server:
- Use tls defines whether encryption is to be used or not.
- URL(IP address) defines the address of server to connect to.
- Port defines connection port to use.
- SystemId (Username) - defines the account name to use for connection to server.
Password defines account password to use for connection to server.
The password can be defined either in explicit form, or in encrypted one. To encryption the password, use the IndeedAM.SMSOTP.Password.Encryptor.exe utility from the installation package of provider.
- SystemType is the field for PDU operation BIND_TRANSCEIVER of SMPP protocol.
- Sender defines the sender name to be displayed to the SMS message recipient.
- Additional text before OTP defines the message text that precedes the OTP. By default, only OTP is sent. For advanced settings, use the following parameters:
- <app> defines the name of application that sent the authentication request.
- <requestLocalServerTime> defines the local server time of request receiving.
- <requestComputerDns> defines the DNS of computer that sent the request.
<requestComputerIp>defines the IP of computer that sent the request.
OTP code display is not configurable. It is always displayed at the end of the message.
To provide for word wrap in the message, it is necessary to modify HKLM/SOFTWARE/Policies/Indeed-ID/BSPs/SMSOTP registry key. Change the older parameter "messageOTP" of "REG_SZ” type to "messageOTP" of "REG_MULTI_SZ” type.
- SMS status timeout defines the timeout of receiving the status of the SMS from server.
- PDU with SMS status defines the PDU that server send the status of the message sent in.
- source_addr_ton defines Type of Number for the source address.
- source_addr_npi defines Numbering Plan Indicator for the source address.
- dest_addr_ton defines Type of Number for the destination.
- dest_addr_npi defines the Numbering Plan Indicator for the destination.
- esm_class defines the Message Mode & Message Type.
- registered_delivery defines the indicator of request for SMSC or SME confirmation.
- data_coding defines the encoding scheme for user data in the short message.
Configuring the message format
The policy makes it possible to define the settings of date display in the message. Format examples can be viewed here: https://docs.microsoft.com/dotnet/standard/base-types/standard-date-and-time-format-strings
Enabled
The date is displayed according to the format set in the policy.
One-time password generation settings
The policy applies to Indeed servers. It allows to configure one-time password length and usage of character groups for password generation.
Not Configured or Disabled
If the policy is not configured or disabled, a password generated would be 4 characters long and would contain digits only.
Enabled
The one-time password is generated according to the policy parameters. If the policy is not defined or is disabled, then the password can contain digits and lowercase Latin letters only, and would be 6 characters long.
Settings of concurrent connection to SMPP server
The policy applies to Indeed servers. It allows to configure the processing order for requests to SMPP server. The policy might be necessary in case the SMPP server does not support multiple simultaneous connections from a single user (account defined in the SMS delivery service policy).
Not Configured or Disabled
Connections to SMPP server and message sending requests are performed in parallel.
Enabled
Connections to SMPP server and message sending requests are performed in sequence.
- No labels