HyID
(Two Factor Authentication)
Overview
HyID is a two factor authentication solution which is integrated in HySecure. The second factor of authentication is achieved by configuring a HyID policy which helps decide the generation of One Time Passwords (OTPs) which can be delivered via different mechanisms like E-mail, SMS, Mobile and Hardware tokens.
The HyID policy can be configured for specific Users, User groups or OUs, so that when the user from these groups try to login to HySecure, s/he would need to enter the OTP generated through the configured mechanisms. On validating the OTP, the user logs in to HySecure.
One or more HyID policies can be created and assigned to an Authentication Domain which in trun is bound to a HySecure Domain.
Recommendation
It is recommended to use the Active Directory in conjunction with HyID to provide group assignment of resource access
Configuration Workflow
This section defines the workflow for creating a HyID policy
-
Create a HyID Policy
-
Identify the User/User Group of the Authorization Server configured as part of the Authentication Domain, for which 2 Factor Authentication is to be configured. The policy type should be chosen as "HySecure"
-
Enable Two Factor Authentication and configure the following information
-
Channel through which OTP should be shared e.g. Email, SMS etc
-
For each of the selected channels, set various parameters like OTP token length, token expiry time etc
-
Configure common OTP specific configuration like failed atetempts etc.
-
Preference in case of multiple HyID policies
In case of multiple HyID policies getting configured for a user, the first one which matches would be applied.