An operator can use authentication profiles in the following ways:


  • Primary Authentication - used to authorize login to the ADSS Web RA user portal. Generally set under Service Plans > Authentications.
  • Secondary Authentication - used when certificate requests are created, renewed or revoked. Generally set under ADSS Service Profiles > Authentications.


  1. You can create an authentication profile using an authentication method and choose whether the profile is to be used as primary or secondary authentication. To use it as secondary authentication, it is also necessary to tick the check box 'Enable Secondary Authentication'.
  2. You can create an authentication profile using the icon on the top right. Provide a name for the authentication profile, and select the authentication method on the next screen. When Email/Password Authentication is selected, no option appears to select secondary authentication. If the authentication profile configured under the Service Plan is set only as primary, i.e. email/password authentication, then it will work the same as the default ADSS Web RA authentication, where the user has to provide his email and password credentials.
  3. You can also create an OTP (One Time Password) based authentication, using the following options:


  • Email / Password Authentication 
  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 


In all these authentication methods, the configuration options shown depend on the selected authentication method. A check box to mark the authentication profile for use as secondary authentication will also appear. Once an authentication profile is configured, it can be used as secondary authentication (if the check box 'Enable Secondary Authentication' was set in the authentication profile) when a user logs in or at request creation, renewal and revocation time.


  1. An administrator can also configure SAML authentication as second-factor authentication for renewing and revoking certificates.



1) If the SMS OTP-only authentication method is selected under the authentication profile, then an OTP will be sent to you ONLY via text message to the mobile number that is configured in your profile settings.


2) If the Email-only authentication method is selected under the authentication profile, then an OTP will be sent to you ONLY via the configured email.


3) If the Email/SMS authentication method is selected under the authentication profile, then an OTP will be sent to you via both email and text message to the configured mobile number.


4) An authentication profile will only be shown while setting up authentication under ADSS Service Profiles if secondary authentication is enabled in that authentication profile.


5) An authentication profile will only be shown in the secondary authentication profiles list while setting up authentication under a Service Plan if secondary authentication is enabled in that authentication profile. The rest of the authentication profiles will be listed under Primary Authentication.



  1. An administrator can configure Active Directory authentication as a second-factor authentication.


Create an Authentication Profile:


Follow these steps to create an authentication profile:


  1. Click on "External Services" in the left menu pane and then click on "Authentication Profiles". You will be navigated to the listing page.
  2. Create a new authentication profile using the icon on the top right.
  3. Provide all the required information, including profile name and description.


Basic Information

| Field | Description |
| --- | --- |
| Name | Specify a unique name for this profile. |
| Description | Mention necessary details for this profile. |
| Active | Tick this check box to make this profile active. |



  4. Select the relevant connectors from the dropdown.


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select an authentication method. A user can select from the following authentication methods: Email OTP Authentication, SMS OTP Authentication, Email & SMS OTP Authentication, SAML Authentication, Active Directory Authentication. |




Following are the descriptions and screenshots of the authentication types that an administrator can choose from:


SMS OTP Authentication


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select SMS OTP Authentication. |
| SMS Gateway | An administrator should select an SMS Gateway connector that he wants to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select an interval for the OTP to expire between his next try if he fails to enter it once. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |




Email OTP Authentication 


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select Email OTP Authentication. |
| Email Gateway | An administrator should select an Email Gateway connector that he wants to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select an interval for the OTP to expire between his next try if he fails to enter it once. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



Email & SMS OTP Authentication 


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select Email & SMS OTP Authentication. |
| SMS Gateway | An administrator should select an SMS Gateway connector that he wants to use for authentication. |
| Email Gateway | An administrator should select an Email Gateway connector that he wants to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select an interval for the OTP to expire between his next try if he fails to enter it once. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



SAML Authentication 


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select the SAML Authentication method. |
| SAML Connectors | An administrator should select a SAML connector that he wants to use for authentication. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



 Active Directory Authentication 


Details

| Field | Description |
| --- | --- |
| Method | An administrator should select an authentication method (Active Directory in this case). |
| Active Directory Connectors | An administrator should select an AD connector that he wants to use for authentication. |
| Fully Qualified Domain Name | The domain name from where the administrator wants to authenticate users. If this field is empty, then the system will not verify the domain of a user who is authenticated via AD using this profile. Note: You can also add multiple domains, by using commas to separate them. |
| Allowed Groups | This includes the group of users that you want to allow. If this field is empty, then the system will not verify the domain of a user who is authenticated via AD using this profile. Note: You can also add multiple groups, by using commas to separate them. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |
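
The empty-field behaviour of the Active Directory profile can be modelled as below. This is an added example, not ADSS Web RA code: `ADProfile`, the function names and the sample profiles are hypothetical. It assumes case-insensitive matching, that membership of any one listed group is sufficient, and that an empty Allowed Groups field skips the group check in the same way an empty domain field skips the domain check.

```python
# Added example: models the documented field semantics; not ADSS Web RA code.
from dataclasses import dataclass

def parse_list(field: str) -> set:
    """Split a comma-separated field; blank entries are dropped."""
    return {item.strip().lower() for item in field.split(",") if item.strip()}

@dataclass
class ADProfile:  # hypothetical model of the profile form
    name: str
    fqdn: str = ""            # "Fully Qualified Domain Name" field
    allowed_groups: str = ""  # "Allowed Groups" field

def is_allowed(profile, user_domain, user_groups) -> bool:
    """Apply the domain and group restrictions to an AD-authenticated user."""
    domains = parse_list(profile.fqdn)
    groups = parse_list(profile.allowed_groups)
    # Empty domain field: the domain is not verified (as documented).
    if domains and user_domain.lower() not in domains:
        return False
    # Assumption: empty group field skips the group check the same way.
    if groups and not groups & {g.lower() for g in user_groups}:
        return False
    return True

def audit(profiles):
    """Return (profile name, finding) for every restriction left empty."""
    findings = []
    for p in profiles:
        if not parse_list(p.fqdn):
            findings.append((p.name, "domain not verified"))
        if not parse_list(p.allowed_groups):
            findings.append((p.name, "group membership not verified"))
    return findings

# Constructed sample profiles (not taken from a real deployment).
PROFILES = [
    ADProfile("ra-operators", "corp.example.com, lab.example.com", "RA-Operators"),
    ADProfile("legacy-ad", "", ""),
]

if __name__ == "__main__":
    for name, finding in audit(PROFILES):
        print(f"{name}: {finding}")
```

A field that contains only commas or spaces parses to an empty list here, so `audit` reports it as unrestricted as well.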



             


Click on the Create button to create an authentication profile. It will be listed in the authentication profiles listing.  


An authentication profile cannot be deleted if it is being used in one of the Service Plans.