Authentication profiles use in following two ways in ADSS Web RA:


  • Primary Authentication - used for an authorized access to login into ADSS Web RA user's portal. Generally set under Service Plans > Authentications.
  • Secondary Authentication - used upon certificate requests creation, renewal and revocation. Generally set under ADSS Service Profiles > Authentications.


How it Works?


  1. You can CREATE an authentication profile using an authentication method, whether the authentication profile can be set as primary or secondary depends upon selected authentication method and also on check box selection to enable secondary authentication.
  2. You can create an authentication profile, using  icon on top right. Provide name for the authentication profile, and select authentication method on next screen. On selection of Email/Password Authentication, no option appears to select secondary authentication. If the authentication profile configured under Service Plan is only set as primary, i.e. email/password authentication then it will work same as default ADSS Web RA authentication where user has to provide his email and password credentials.


  1. You can also create an OTP (One Time Password) based authentication, using three available options (i.e. SMS/OTP, Email or Email/SMS Authentications). In all these three authentications, the configurations will be shown up according to selected authentication method. A check box to mark the authentication profile is to be used as secondary authentication will also appear. Once an authentication profile configured, it can be used as secondary authentication (if checkbox to Enable Secondary Authentication was set in authentication profile) while logging a user or upon request creation, renewal and revocation time.


  1. An administrator can also configure SAML authentication as second factor authentication in case of renewing and revoking of certifications. 

1) If SMS/OTP only authentication method is selected under authentication profile, then an OTP will be sent to you ONLY via text message on the mobile number that is configured in your profile settings.


2) If Email-only authentication profile is selected under authentication profile, then an OTP will be sent to you ONLY via configured email.


3) If Email/SMS authentication method is selected under authentication profile, then an OTP will be sent to you via both email and text message on configured mobile number. 


4) An authentication profile will only be shown while setting up authentication under ADSS Service Profiles, if secondary authentication is enabled in that authentication profile.


5) An authentication profile will only be shown under secondary authentication profiles list while setting up authentication under Service Plan, if secondary authentication is enabled in that authentication profile. Rest of the authentication profiles will be listed under Primary Authentication. 


Create Authentication Profile


Follow the following steps to create an authentication profile:

 

  1. Create a new authentication profile, using  icon on top right.
  2. Provide all the required information, including profile name and select authentication method.
  3. Select SMS/OTP or Email gateways connectors accordingly.
  4. Select checkbox to Enable Secondary Authentication, if you want to use the authentication profile as secondary authentication on login or request approval time (which later set under Service Plan or ADSS Service Profile respectively).
  5. Click on Create button to create authentication profile.

An authentication profile cannot be deleted, if it is being used in one of the Service Plans or ADSS Service Profiles