How To Configure Accops HyID (Two-Factor Authentication)
Pre-requisites
- The customer needs an Active Directory (AD) server as the user database.
- Date and time should be correct on the HySecure server.
- SMTP should be configured on the HySecure server.
- An SMS gateway should be configured on the HySecure server.
Accops HyID configuration (two-factor authentication)
- Configure the Active Directory server on HySecure.
Log in to the HySecure server as the security user (certificate user).
Go to "AUTH MANAGEMENT | Authentication Servers".
Here the administrator needs to add and configure the Active Directory server. This is the external user database. Every user should also have an email address and mobile number so that the OTP can be sent.
- Specify the Authentication Domain.
After the authentication server is created, go to "AUTH MANAGEMENT | Authentication Domain" and add an Authentication Domain or modify the Default AuthDomain.
Here the administrator needs to create the Authentication Domain and select the Active Directory server from the drop-down list.
When the OTP policy is created, the AD server will be displayed under Authorization Server. If the administrator wants to send OTPs to native users, select Native.
Note: If there is no AD environment, ignore steps 1 and 2.
Create the user database locally on the HySecure server and use Native for the local HySecure database.
- Create OTP Policy
The HySecure administrator needs to create an OTP policy to specify the user, user group or OU that will receive the OTP. The administrator first selects the authentication domain, then selects the authorization server from the drop-down list. The list shows only the authentication server that is configured on that authentication domain. So if the administrator wants to give OTPs to specific AD users, the administrator needs to select that AD server.
After the AD server is selected, the administrator needs to specify the user, user group or OU. If the token assignment type is user, all users from the Active Directory server are shown on the create OTP policy page. In the same way, if user group or OU is selected, all user groups or OUs are fetched from the AD server and displayed on the create OTP policy page. The HySecure administrator can assign the policy at the specific user, user group or OU level, so that specific users get OTPs according to the OTP policy assignment.
The administrator then needs to enable the OTP service check box. This enables OTP for the AD users and allows the OTP policy to be configured. The administrator first selects the OTP media by which the AD user will receive the OTP. The OTP media may be Email, SMS, Email and SMS, or Mobile soft token. If Email is configured, the user receives the OTP at their email id. When sending the OTP, the HyID server fetches the email id for that user from the AD server.
The administrator can also configure the OTP length. It can be four, six or eight digits. If six digits is configured, the user gets a 6-digit OTP. The OTP expiry time can also be configured, from 1 minute to 2 days. If the OTP expiry time is set to 15 minutes, the OTP is valid for up to 15 minutes from the date and time it was generated. Similarly, a user can use a single OTP for one day if the OTP expiry time is set to one day.
The administrator can control the new OTP generation time. If the OTP generation timeout is set to 60 seconds, the user gets the same OTP for the next 60 seconds. That is, if the user clicks Get-OTP and then clicks Get-OTP again within 60 seconds, both OTPs will be the same. If the OTP generation timeout is set to 0 seconds, the user gets a different OTP every time.
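The length, expiry and generation-timeout rules above, modelled as an added Python example (not Accops code and not part of the original guide). The class and field names are hypothetical, and two points are assumptions: only the most recent OTP per user is kept, and a generation timeout longer than the expiry time is flagged because a repeated request could then return an OTP that has already expired.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class OtpPolicy:                 # field names are illustrative, not product settings
    length: int = 6              # four, six or eight digits
    expiry_s: int = 15 * 60      # 1 minute to 2 days
    regen_timeout_s: int = 60    # 0 = a different OTP on every request

def policy_problems(p):
    """Return a list of settings that fall outside what the text describes."""
    problems = []
    if p.length not in (4, 6, 8):
        problems.append("length must be 4, 6 or 8")
    if not 60 <= p.expiry_s <= 2 * 24 * 3600:
        problems.append("expiry must be between 1 minute and 2 days")
    if p.regen_timeout_s > p.expiry_s:
        # A repeated request could hand back an OTP that has already expired.
        problems.append("generation timeout exceeds expiry")
    return problems

class OtpIssuer:
    def __init__(self, policy):
        self.policy = policy
        self._last = {}          # user -> (otp, generated_at); assumption: one live OTP per user

    def get_otp(self, user, now):
        last = self._last.get(user)
        # Within the generation timeout the same OTP is returned again.
        if last and now - last[1] < self.policy.regen_timeout_s:
            return last[0]
        n = self.policy.length
        otp = f"{secrets.randbelow(10 ** n):0{n}d}"
        self._last[user] = (otp, now)
        return otp

    def verify(self, user, candidate, now):
        last = self._last.get(user)
        # Expiry runs from generation time; a repeated request does not extend it.
        if last is None or now - last[1] > self.policy.expiry_s:
            return False
        # Not consumed on success: the text says one OTP can serve a whole day.
        return hmac.compare_digest(last[0], candidate)
```

Times are passed in as seconds so the behaviour at the 60-second and 15-minute boundaries can be checked without waiting.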
After the OTP policy is created, users get OTPs according to the OTP policy configuration. The administrator can change the OTP policy configuration at any time.
- Create HySecure domain for two-factor authentication.
Go to "ACCESS MANAGEMENT | HySecure Domain". Here the administrator can modify the default HySecure domain or create a new HySecure domain. To create a new HySecure domain, click the add option and specify the Authentication Domain from the drop-down list. The HySecure user will be asked for an OTP at HySecure login if a two-factor Authentication Domain is configured on the HySecure Domain. Otherwise HySecure asks only for user name and password.
- Login using OTP.
After the OTP policy is configured, open the HySecure web portal login page.
https://HySecure server address.
Select the HySecure domain first.
Enter the user name and password, then click the Sign-in button.
Once the user's credentials are validated successfully, the HySecure server asks for additional authentication (two-factor authentication).
Here the end user needs to select the token type (OTP media) and click the Get-OTP button. After this action the user gets the OTP according to the OTP policy.
When the HySecure OTP server has sent the OTP to the registered email id or mobile number successfully, the user gets an acknowledgement.
Client support
Client Type | Results |
---|---|
Windows client | Yes |
Web portal | Yes |
Linux client | Not supported |
MAC client | Not supported |
iOS client | Not supported |
Android client | Yes |