Accounts are used to authenticate users on the iPass network, a VPN, or other network. The definition of an account determines the attributes required for a successful login and authentication. Different account definitions may have different attributes: one account definition might use username and password; a second might use password, prefix, and domain. An account definition represents the attributes required for users to create an account; it does not represent a particular user’s login credentials.
For Windows profiles, you can create multiple account definitions as needed, but you must create at least one for use on the iPass network that includes username, password, and domain.
Account attributes are highly configurable to accommodate a variety of login and authentication schemes. This enables you to take granular control over the user’s login experience. You can customize account attributes in a variety of ways.
Account attributes can be configured as follows:
You can define your own format for authentication strings to be used with all connections made with a given account definition. Authentication string formats are constructed from tokens, each representing a portion of the authentication requirements. You can use any of the following tokens to assign a format to the authentication string for the profile. Only include tokens for authentication attributes that are or will be enabled for the account.
Attribute | Token | Description |
---|---|---|
Network Prefix | %p | Prefix used when authenticating to the network. |
Network Suffix | %s | Suffix used when authenticating to the network. |
Customer Prefix | %a | Prefix associated with the account defined for use when authenticating to the network. Note: in Windows clients before 1.4.1, Open Mobile automatically appends a forward slash character (/) to the end of the %a token. However, for Windows 1.4.1 and later clients, you must add in the slash character manually after the customer prefix. |
Username | %u | Username used when authenticating to the network. |
Customer Domain | %d | Suffix associated with the account defined for use when authenticating to the network. |
Literal String | N/A | Literal string. For example, if the domain value is always example.com, then example.com could be used as part of the authentication format in place of %d. |
An example of a valid authentication format would be %p%u%d. Assume these values for the tokens:
The resulting authentication string passed to Open Mobile would be: EXAMPLECO/testuser@testdomain.com.
If no forward slash were part of the network prefix, the string would be EXAMPLECOtestuser@testdomain.com.
Accounts are generally assigned to an entire profile, and connections made using the account will use the authorization format defined for the account. However, accounts can be assigned for connections of a specific type (such as Mobile Broadband), as well as for directories. Any authorization formats assigned to such accounts will override the more general one.
The hierarchy of accounts works as follows:
Each Open Mobile session (and connection attempt) is assigned a Unique Session Identifier (USID) for tracking purposes. By default, USID is prepended to the authentication format before the username (for example, @<domain>).
USID is enabled by default for connections made to access points in the iPass network directory. However, because the authentication format with USID may exceed 20 characters in length, which is longer than many networks will support, you can choose whether to include USID in directory-level authentication format overrides, to keep the authentication format under the character limit for custom directories.
You must define an iPass account before defining other accounts. For the iPass account, use the account name iPass, and select username, password, and domain for attributes.
To define an account:
Some clients allow you to set an additional authentication request to give the client more information about why an attempt to connect might fail. For more information, please see Advanced Authentication Settings.
Create a New Profile > Configuration Settings > Connectivity