An operator can use authentication profiles in the following ways:


  • Primary Authentication - used for authorized login to the ADSS Web RA user portal. Generally set under Service Plans > Login Authentications, under the Advance Settings tab.
  • Secondary Authentication - used upon certificate request creation, renewal and revocation. Generally set under Certification Profiles, under the Authentications tab.


  1. You can create an authentication profile using an authentication method and choose whether the profile can be set as primary or secondary. To use it as secondary, it is also necessary to select the Enable Secondary Authentication check box.
  2. You can create an authentication profile using the icon at the top right. Provide a name for the authentication profile and select the authentication method on the next screen. When Email/Password Authentication is selected, no option to select secondary authentication appears. If the authentication profile configured under the Service Plan is set only as primary, i.e. email/password authentication, it works the same as the default ADSS Web RA authentication, where the user has to provide email and password credentials.
  3. You can also create an OTP (One Time Password) based authentication, using the following options:


  • Email / Password Authentication 
  • SMS OTP Authentication 
  • Email OTP Authentication 
  • Email & SMS Authentication
  • SAML Authentication 
  • Active Directory Authentication 
  • Azure Active Directory Authentication
  • OIDC


For all of these authentication methods, the configuration options displayed depend on the selected method. A check box also appears for marking the authentication profile for use as secondary authentication. Once an authentication profile is configured, it can be used as secondary authentication (if the Enable Secondary Authentication check box was set in the profile) when a user logs in or at request creation, renewal and revocation.


  1. An administrator can also configure SAML authentication as second-factor authentication for renewing and revoking certificates.



  1. If the SMS OTP only authentication method is selected in the authentication profile, an OTP will be sent to you ONLY via text message to the mobile number configured in your profile settings.
  2. If the Email-only authentication method is selected in the authentication profile, an OTP will be sent to you ONLY via the configured email.
  3. If the Email/SMS authentication method is selected in the authentication profile, an OTP will be sent to you via both email and text message to the configured mobile number.
  4. An authentication profile is shown while setting up authentication under Certification Profiles only if secondary authentication is enabled in that authentication profile.
  5. An authentication profile is shown in the secondary authentication profiles list while setting up authentication under Service Plan only if secondary authentication is enabled in that authentication profile. The rest of the authentication profiles are listed under Primary Authentication.



  1. An administrator can configure Active Directory or Azure Active Directory Authentication as a second-factor authentication.


Create an Authentication Profile:


Follow these steps to create an authentication profile:


  1. Expand External Services > Authentication Profiles in the left menu pane. You will be navigated to the listing page.
  2. Create a new authentication profile using the icon at the top right.
  3. Provide all the required information, including the profile name and description.

Basic Information

| Field | Description |
|---|---|
| Name | Specify a unique name for this profile. |
| Description | Mention necessary details for this profile. |
| Active | Tick this check box to make this profile active. |

  4. Select the relevant connectors from the dropdown.


Details

| Field | Description |
|---|---|
| Method | An administrator should select an authentication method. |

A user can select from the following authentication methods:

  1. Email/Password Authentication
  2. Email OTP Authentication
  3. SMS OTP Authentication
  4. Email & SMS OTP Authentication
  5. SAML Authentication
  6. Active Directory Authentication
  7. Azure Active Directory Authentication
  8. OIDC





Email / Password


Details

| Field | Description |
|---|---|
| Method | An administrator should select Email / Password Authentication. |



SMS OTP Authentication


Details

| Field | Description |
|---|---|
| Method | An administrator should select SMS OTP Authentication. |
| SMS Gateway | An administrator should select the SMS Gateway connector to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select the interval after which the OTP expires before the next try, if the first attempt to enter it fails. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



Email OTP Authentication 


Details

| Field | Description |
|---|---|
| Method | An administrator should select Email OTP Authentication. |
| Email Gateway | An administrator should select the Email Gateway connector to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select the interval after which the OTP expires before the next try, if the first attempt to enter it fails. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



Email & SMS OTP Authentication 


Details

| Field | Description |
|---|---|
| Method | An administrator should select Email & SMS OTP Authentication. |
| SMS Gateway | An administrator should select the SMS Gateway connector to use for authentication. |
| Email Gateway | An administrator should select the Email Gateway connector to use for authentication. |
| OTP Length (digits) | An administrator should select a length of 4, 6 or 9. |
| OTP Retry Interval (secs) | An administrator should select the interval after which the OTP expires before the next try, if the first attempt to enter it fails. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



SAML Authentication 


Details

| Field | Description |
|---|---|
| Method | An administrator should select the SAML Authentication method. |
| SAML Connectors | An administrator should select the SAML connector to use for authentication. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



 Active Directory Authentication 


Details

| Field | Description |
|---|---|
| Method | An administrator should select an authentication method (Active Directory in this case). |
| Active Directory Connectors | An administrator should select the AD connector to use for authentication. |
| Fully Qualified Domain Name | The domain name from which the administrator wants to authenticate users. If this field is empty, the system will not verify the domain of a user who is authenticated via AD using this profile. Note: You can also add multiple domains, using commas to separate them. |
| Allowed Groups | This includes the groups of users that you want to allow. If this field is empty, then the system will not verify the domain of a user who is authenticated via AD using this profile. Note: You can also add multiple groups, using commas to separate them. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |


 


Click on the Create button to create an authentication profile. It will be listed in the authentication profiles listing.  


An authentication profile cannot be deleted if it is being used in one of the Service Plans.


Azure Active Directory Authentication 


Basic Information

| Field | Description |
|---|---|
| Name | Specify a unique name for this profile. |
| Description | Mention necessary details for this profile. |
| Active | Tick this check box to make this profile active. |




Details

| Field | Description |
|---|---|
| Method | An administrator should select an authentication method (Azure Active Directory Authentication in this case). |
| Azure Active Directory Connectors | An administrator should select the Azure AD connector to use for authentication. |
| Use this authentication as a second factor | Tick this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



  • Azure Active Directory as primary authentication will be applied in the following areas:
    • Login
  • Azure Active Directory as second-factor authentication will be used in the following areas:
    • Secondary Authentication method for login
    • Submit / Generate a Certificate Request
    • Renew
    • Revoke
    • Rekey
    • Reissue
    • Recover Key


OIDC 


Basic Information

| Field | Description |
|---|---|
| Name | Specify a unique name for this profile. |
| Description | Mention necessary details for this profile. |
| Active | Tick this check box to make this profile active. |



Details

| Field | Description |
|---|---|
| Method | An administrator should select an authentication method (OIDC Authentication in this case). |
| OIDC Connectors | An administrator should select the OIDC connector to use for authentication. |
| Use this authentication as a second factor | Select this checkbox if you want to use this profile for second-factor authentication. If unchecked, this profile will only be used as primary authentication. |



Click on the Create button to create an authentication profile. It will be listed in the authentication profiles listing.
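
A review check over the settings described on this page, as an added example that is not part of the product or its documentation: it flags Active Directory profiles whose Fully Qualified Domain Name or Allowed Groups field is empty, OTP profiles using the shortest length, and profiles that will not appear in the secondary list. The dictionary keys and sample profiles are assumptions, constructed by hand; this page does not describe an export format.

```python
# Constructed sample: profiles transcribed by hand from the Authentication
# Profiles screens. The dict keys are assumptions, not an ADSS Web RA format.
PROFILES = [
    {"name": "portal-login", "method": "Email/Password"},
    {"name": "sms-4", "method": "SMS OTP", "otp_length": 4,
     "second_factor": True},
    {"name": "corp-ad", "method": "Active Directory", "fqdn": "",
     "allowed_groups": "RA-Operators, RA-Admins", "second_factor": False},
    {"name": "corp-ad-2fa", "method": "Active Directory",
     "fqdn": "corp.example.com,lab.example.com", "allowed_groups": "",
     "second_factor": True},
]

OTP_METHODS = {"SMS OTP", "Email OTP", "Email & SMS OTP"}


def split_list(value):
    """Split a comma-separated field; an empty field yields an empty list."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def review(profile):
    """Return the review findings for one authentication profile."""
    findings = []
    method = profile["method"]
    if method == "Active Directory":
        # The page states that an empty FQDN field disables domain verification.
        if not split_list(profile.get("fqdn")):
            findings.append("FQDN empty: user domain is not verified")
        if not split_list(profile.get("allowed_groups")):
            findings.append("Allowed Groups empty: no group list configured")
    if method in OTP_METHODS and profile.get("otp_length") == 4:
        findings.append("OTP length 4: only 10**4 possible codes")
    # Email/Password offers no second-factor option, so it is not flagged.
    if method != "Email/Password" and not profile.get("second_factor"):
        findings.append("second factor off: not listed under Certification Profiles")
    return findings


def selectable_as_secondary(profiles):
    """Names of profiles that have the second-factor check box ticked."""
    return [p["name"] for p in profiles if p.get("second_factor")]


if __name__ == "__main__":
    for p in PROFILES:
        for finding in review(p):
            print(f"{p['name']}: {finding}")
    print("secondary list:", selectable_as_secondary(PROFILES))
```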