Authentication Profiles

Introduction

Authentication profiles use in following two ways in Web RA:

Primary Authentication - used for an authorized access to login into Web RA user's portal. Generally set under Service Plans > Authentications .
Secondary Authentication - used upon certificate requests creation, renewal and revocation. Generally set under ADSS Service Profiles > Authentications .

How it Works?

You can CREATE an authentication profile using an authentication method, whether the authentication profile can be set as primary or secondary depends upon selected authentication method and also on check box selection to enable secondary authentication.
You can create an authentication profile, using icon on top right. Provide name for the authentication profile, and select authentication method on next screen. On selection of Email/Password Authentication, no option appears to select secondary authentication. If the authentication profile configured under Service Plan is only set as primary, i.e. email/password authentication then it will work same as default Web RA authentication where user has to provide his email and password credentials.
You can also create an OTP (One Time Password) based authentication, using three available options (i.e. SMS/OTP, Email or Email/SMS Authentications). In all these three authentications, the configurations will be shown up according to selected authentication method. A check box to mark the authentication profile to be used as secondary authentication will also appear. Once an authentication profile configured, it can be used as secondary authentication (if checkbox to Enable Secondary Authentication was set in authentication profile) while logging a user or upon request creation, renewal and revocation time.

1) If SMS/OTP only authentication method selected under authentication profile, then an OTP will be received to you ONLY mobile number, configured under your profile settings.

2) If Email only authentication profile selected under authentication profile, then an OTP will be received to you ONLY via configured email.

3) If Email/SMS authentication method selected under authentication profile, then an OTP will be received to you not only on configured mobile number but via email as well.

4) An authentication profile will only be shown up while setting up authentication under ADSS Service Profiles, If secondary authentication is set as enabled in that authentication profile.

5) An authentication profile will only be shown up under secondary authentication profiles list while setting up authentication under Service Plan, If secondary authentication is set as enabled in that authentication profile. Rest of the authentication profiles will be listed under Primary Authentication.

Create Authentication Profile

If you want to create an authentication profile, then follow these steps:

Create a new authentication profile, using icon on top right.
Provide all the required information, including profile name and select authentication method.
Select SMS/OTP or Email gateways connectors accordingly.
Select checkbox to Enable Secondary Authentication, if you want to use the authentication profile as secondary authentication on login or request approval time (which later set under Service Plan or ADSS Service Profile respectively).
Click on CREATE button to create authentication profile.

An authentication profile cannot be deleted, if it is being used in one of the Service Plans or ADSS Service Profiles