Differences

configuring_token_authentication [2012/05/03 17:05]
cpanell [Generating a New PIN]
configuring_token_authentication [2012/05/03 17:37] (current)
cpanell [Enabling Software Token Authentication in Open Mobile]
Line 1: Line 1:
 +====== Configuring Token Authentication in Open Mobile ======
 +
 +
 +Open Mobile 2.0 and later clients permit the use of authentication tokens for login credentials when connecting using the PEAP-GTC protocol. Enabling token authentication for an Open Mobile profile requires these steps:
 +
 +
 +    * Creation of an account definition with hardware or software authentication token as a valid credential.
 +    * Inclusion of the account definition in the profile.
 +    * Enablement of the PEAP-GTC connection method in each user’s Open Mobile client.
 +
 +
 +===== Hardware Token Authentication =====
 +
 +
 +==== Enabling Hardware Token Authentication in a Profile ====
 +
 +To enable hardware token authentication for a profile, you must create (or select) an account type to accept the token credentials. You can enable hardware token authentication using these steps:
 +
 +**To enable hardware token authentication for a profile:** 
 +  - Log into the Open Mobile Portal.
 +  - Select (or create) a profile to include hardware token authentication.
 +  - Under **Accounts**, click **Configure**.
 +  - Click **Create New Account**.
 +  - In **Name**  and **Display Name**, enter an account name and display name.
 +  - Under**Account Attributes**, select the attributes for the account type, including Token.
 +  - Under **Token Type**, select //Hard Token//.
 +  - Continue configuring the account type and profile as desired, and save.
 +
 +{{  :configuring_hard_token.jpg?450x251  }}
 +
 +
 +==== Enabling Hardware Token Authentication in Open Mobile ====
 +
 +
 +Once they receive the profile you have modified or created, users can enable hardware token authentication in the Open Mobile client. You will need to supply users with the connection method details, including values for inner and outer identity.
 +
 +
 +**To enable token authentication in Open Mobile,** 
 +  - Launch Open Mobile.
 +  - Click **Options | Wi-Fi.** 
 +  - Under**Campus Networks**, click **Add**.
 +  - In **Network Name**, enter the name of the network that requires token authentication.
 +  - In **Security**, select the security type used by the network.
 +  - In **Connection Method**, click **Add**.
 +  - In **Method Name**, assign a name to the connection method, such as //PEAPGTCMethod.// 
 +  - In **Authentication Protocol, ** select //PEAP-GTC.// 
 +  - Under **PEAP-GTC**, select the following:
 +    * **Authentication Mode:**  User
 +    * **Credential Source: ** Account
 +    * **Account Name:**  Select the name of the account used for hardware token authentication.
 +  - Under **Login Form**ats, for both Inner Identity and Outer Identity, select the appropriate value from the drop-down list, as specified by your administrator .
 +  - Click **Save.** 
 +  - Click **Close ** to close the Options panel.
 +
 +<note important> that once a single user (or administrator) has configured the PEAP-GTC connection method (that is, Steps 8-10), you can export that user’s settings and then import them into Open Mobile profile for other users to make use of. </note>
 +
 +When included in a profile, user with the profile s will no longer need to configure the method individually, but will be able to select the method from the list of available connection methods to assign to the campus network.
 +
 +{{  :connection_method.jpg?300x359  }}
 +
 +
 +==== Connecting to a Network using Hardware Token Authentication ====
 +
 +Having configured a campus connection for token authentication, users can now connect to the network.
 +
 +**To connect using hardware token authentication:** 
 +  - Launch Open Mobile.
 +  - In the list of Available Networks, select the network that supports token authentication.
 +  - Under the name of the account, enter the prompted credentials for Hard Token (Username and Domain). Click **Continue**.
 +  - In **Passcode**, enter your PIN plus the token code.
 +    * To mask the entered characters for additional security, select **Hide characters.** 
 +    * If the entered passcode has expired, you will be prompted to generate a new one.
 +  - Click **Continue**. You will be connected to the network.
 +===== Software Token Authentication =====
 +
 +
 +==== Enabling Software Token Authentication in a Profile ====
 +
 +To enable software token authentication for a profile, you must create (or select) an account type to accept token credentials. You can customize the behavior of Open Mobile regarding software token authentication.
 +
 +**Rename Text Label:**  The text label used for the token entry box in Open Mobile can be renamed.
 +
 +**Token Entry:**  You can choose to require token entry by the user, or pre-fill the token value with a value contained in the profile. For optimal security, pre-filling the value is not recommended.
 +
 +**Save Token: ** You can choose to have Open Mobile save the value of the token entered by the user. If saved, you can choose how long Open Mobile will save the value: forever (users can override the saved value), until software restart, until sleep or hibernation, or for a defined interval.
 +
 +**To enable software token authentication for a profile:** 
 +  - Log into the Open Mobile Portal.
 +  - Select (or create) a profile to include software token authentication.
 +  - Under **Accounts**, click **Configure**.
 +  - Click **Create New Account.** 
 +  - In **Name ** and **Display Name**, enter an account name and display name.
 +  - Under **Account Attributes**, select the attributes for the account type, including Token.
 +  - Under **Token Type,**  select //Soft Token//.
 +  - Optionally, in **Field Label for this attribute**, if you wish to customize the label shown to users, enter a custom value.
 +  - Select values for token entry and for token saving.
 +  - Continue configuring the account type and profile as desired, and save.
 +
 +{{  :soft_token_configuration.jpg?450x253  }}
 +
 +
 +==== Enabling Software Token Authentication in Open Mobile ====
 +
 +Once they receive the profile you have modified or created, users can enable software token authentication in the Open Mobile client. You will need to supply users with the connection method details, including values for inner and outer identity.
 +
 +**To enable token authentication in Open Mobile:** 
 +  - Launch Open Mobile.
 +  - Click **Options | Wi-Fi.** 
 +  - Under **Campus Networks**, click **Add**.
 +  - In **Network Name**, enter the name of the network that requires token authentication.
 +  - In **Security**, select the security type used by the network.
 +  - In **Connection Method**, click **Add**.
 +  - In **Method Name,**  assign a name to the connection method, such as //PEAPGTCMethod.// 
 +  - In **Authentication Protocol**, select //PEAP-GTC.// 
 +  - Under **PEAP-GTC**, select the following:
 +    * **Authentication Mode:**  //User// 
 +    * **Credential Source: ** //Account // 
 +    * **Account Name:**  Select the name of the account used for hardware token authentication.
 +    * Under **Login Formats**, for both Inner Identity and Outer Identity, select the appropriate value from the drop-down list, as specified by your administrator .
 +  - Click **Save**.
 +  - Click **Close ** to close the **Options ** panel.
 +
 +<note important>Once a single user (or administrator) has configured the PEAP-GTC connection method (Steps 8-10), you can export that user’s settings and then import them into an Open Mobile profile for other users to make use of. When included in a profile, users with the profile will no longer need to configure the method individually, but will be able to select the method from the list of available connection methods to assign to the campus network. See [[Configuring OCR in Open Mobile]] for more information.</note>
 +
 +
 +==== Selecting a Token Provider ====
 +
 +Several software token providers may be available, and each can provide multiple tokens (distinguished by serial number). If so, the user will need to select the correct provider and token serial number before connecting.
 +
 +**To select a token provider:** 
 +  - Click **Options | Preferences.** 
 +  - Click **Token**.
 +  - Under **Preferred Token Type**, select the token provider and serial number of the token to be used for authentication.
 +  - Click **Close**.
 +
 +==== Connecting to a Network using Software Token Authentication ====
 +
 +Having configured a campus connection method for token authentication, and selected a token provider, users can now connect to the network.
 +
 +**To connect using software token authentication:** 
 +  - Launch Open Mobile.
 +  - In the list of Available Networks, select the network which supports token authentication.
 +  - Under the name of the account, enter the prompted credentials, including the token PIN.
 +  - Click **Continue**. You will be connected to the network.
 +
 +===== Generating a Passcode =====
 +
 +
 +If a passcode is required as a one-time password (OTP), you can use Open Mobile to generate one. Open Mobile will generate the passcode using the configured software token settings.
 +
 +
 +<note important>Passcode generation will be available only if an account with Software Token authentication is configured in the user’s profile. </note>
 +
 +
 +**To generate a new passcode:** 
 +
 +
 +1. Right-click the Open Mobile system tray icon and pick **Generate Passcode.** 
 +
 +
 +2. If the token PIN is not available, in **Enter PIN**, type the token PIN, and then click **OK**.
 +
 +
 +3. A new passcode is generated. Click **Copy ** to copy the generated passcode to the clipboard, where it can be used for other applications or connections.
 +
 +
 +==== Generating a New PIN ====
 +
 +If the hardware or software PIN has expired, the user will be prompted to generate a new PIN or allow the server to generate one using Open Mobile. New PIN generation is performed during the connection process.
 +
 +**To generate a new PIN if prompted:** 
 +  - After receiving the expired PIN message, in **Do you want to enter your own PIN?, ** do one of the following:
 +    * Enter **Y**  to enter your new PIN. Click **Continue**, and skip to Step 2.
 +    * Enter **N ** to have Open Mobile generate a PIN. Click **Continue**, and skip to Step 5.
 +  - Click **Continue**.
 +  - Enter your new PIN. The new PIN must be a numerical string 4 to 8 digits in length. To mask the entered characters for additional security, select** Hide characters.** 
 +  - Click **Continue**. Re-enter your new PIN to confirm it. Skip to Step 6.
 +  - Under **Are you prepared to accept a system generated PIN?**  Enter **Y**. Click **Continue**.
 +  - A new PIN is generated, and you will be connected to the network with your new PIN.
 +
 +{{tag>token_authentication token software_token hardware_token}}
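Review bot: In the PEAP-GTC sub-list under "Enabling Software Token Authentication in Open Mobile", the Account Name item still reads "Select the name of the account used for hardware token authentication", which looks copied from the hardware procedure; it should name the software token account. In that same list, Login Formats is now a sub-bullet of step 9 rather than its own step 10 as in the hardware procedure, so the following note's "Steps 8-10" takes in "Click Save" instead; either restore it as a numbered step or adjust the reference. The hardware-section note opens mid-sentence ("that once a single user ...") and the paragraph after it has "user with the profile s"; reusing the wording of the software-section note would fix both. Under "Generating a New PIN", the Y branch says "Click Continue, and skip to Step 2" while step 2 is itself "Click Continue", and the N branch says Open Mobile generates the PIN while the introduction and step 5 describe a server or system generated PIN; the step targets and the wording should be reconciled. Finally, Token Entry carries a security recommendation against pre-filling, but Save Token offers "forever" with no comparable guidance; consider stating which retention option is recommended.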
  
 

©2015 iPass Inc. All rights reserved.