An operator can set two types of authentications on the ADSS Web RA web portal:


  1. Primary authentication.
  2. Secondary authentication.


These authentication methods are configured in the authentication profile and then in the service plan through the ADSS Web RA Server admin portal. 


Primary Authentication 


To login into your ADSS Web RA web portal, you can login using the following methods:


  1. Email and password
  2. SAML authentication 
  3. Active Directory 
  4. Azure Active Directory
  5. OIDC authentication 


Email and Password


In this authentication method, a user is required to provide his credentials on the ADSS Web RA Web portal login page. 


Enter the user email and password to login. 


SAML Authentication 


In this method, a user is required to enter his user email at the ADSS Web RA Web portal login page. 


Once he enters the email address, he is directed to the Azure portal. A new window will appear, where the user will be required to enter his email address and password. 


Active Directory 


A user is required to enter the email address at the ADSS Web RA Web portal login page and click the "Next" button. The system will use this email address to identify which login mechanism is configured in the service plan. If a user is not registered in the application, the password screen will appear. ADSS Web RA web will notify whether the user exists or not due to security reasons.

After clicking on the "Next" button, if the Active Directory Authentication profile is selected as a primary authentication in a user's service plan then the selected profile IDP screen will appear. It will ask the user to authenticate. After successful authentication, user will be redirected to the login screen. If a user is blocked by the administrator then the system will show an error after the completion of the authentication process.


Azure Active Directory 


A user is required to enter the email address at the ADSS Web RA Web portal login page and click the "Next" button. The system will use this email address to identify which login mechanism is configured in the service plan. If a user is not registered in the ADSS Web RA application, the password screen will be displayed. ADSS Web RA does not indicate if a user exists or not due to security reasons. 


Once you click the next button, if the Azure Active Directory authentication profile is set as a primary authentication in a user's enterprise role, then the selected profile IDP screen will pop-up and the user will be required to authenticate. After successful authentication, user will be redirected to the login screen. 


If an administrator has blocked a user, the application will prompt an error at the end of the authentication process. 


if the Azure Active Directory authentication profile is set a a secondary authentication in a user's enterprise role, then after proceeding with the primary authentication e.g. Email/Password or SAML at login, then the selected profile IDP screen will pop-up and the user will be required to authenticate. After successful authentication, user will be redirected to the login screen. 

ADSS Web RA is currently not supporting Azure Active Directory provisioning in this version. 


OIDC Authentication 


A user is required to enter the email address at the ADSS Web RA Web portal login page and click the "Next" button. The system will use this email address to identify which login mechanism is configured in the service plan. If a user is not registered in the ADSS Web RA application, the password screen will be displayed. ADSS Web RA does not indicate if a user exists or not due to security reasons. 


Once you click the next button, if the OIDC authentication profile is set as a primary authentication in a user's enterprise role, then the selected profile IDP screen will pop-up and the user will be required to authenticate. After successful authentication, user will be redirected to the login screen. 


Second Factor Authentication 


For better security, you can also set a secondary authentication method for ADSS Web RA web portal. 


In this authentication method, you can use the following:


  1. SAML authentication 
  2. Active directory
  3. Azure Active Directory Authentication
  4. OIDC Authentication 
  5. OTP


One-Time Password (OTP) 


You can also set OTP (One Time Password) as a secondary authentication method, if it is allowed in your service plan. Once you provide a correct password at login screen, you will receive an OTP on your configured mobile number.


To login into your ADSS Web RA user portal using OTP, use following steps:


  1. Login with your respective credentials.
  2. If the provided credentials are correct:


    1. An OTP will be sent on your mobile device.
    2. A dialog will appear on the login screen to enter the received OTP.


  1. Specify the received OTP and click the 'Login Here' button.


The availability of OTP security feature as two-factor authentication is subject to your subscribed service plan settings. If you are willing to use this provision, please contact your Admin RAO. To configure OTP as a secondary authentication, see the Service Plans section.

1) In order to successfully login, you must provide your account credentials and the received OTP correctly.

2) The use of OTP as two-factor authentication is subject to your subscribed service plan. ADSS Web RA currently supports 4, 6, and 9 digits OTP.

3) As a part of GDPR compliance, the "Service Agreement" dialog will appear after successful user authentication. This dialog contains the links of "Terms of Service" and "Privacy Policy" pages. ADSS Web RA will ensure that you agree to them before letting you use your account. To configure Terms of Services, see Service Agreements section.


When a user accesses ADSS Web RA web portal, for instance:


https://webra.web.ascertia.com.pk/login, the login screen appears. 


The user is required to enter an email address upon which the system will identify which mechanism to use according to the configurations of his service plan as shown below:




  • If a user is not registered to the application and he clicks on the next button, system will proceed to the 'Password' tab automatically. ADSS Web RA web portal does not indicate if a user exists or not due to security reasons.


  • If a user has selected password as a primary authentication in the enterprise role, then the user will be required to enter the password after successful authentication, the user will be redirected to login. 


  • After clicking on the 'Next' button, if a user has selected SAML profile as a primary authentication in the enterprise role then the selected profile IdP screen will pop-up, requiring the user to authenticate after successful authentication and redirecting the user to the login screen. 


  • If a user is blocked by the administrator then the system will pop-up an error once the authentication process is complete.