Account Definitions

An account definition is comprised of the specific credential types required for a successful login. When logging in to Open Mobile, users are prompted for the required credentials for the account definition, based on the settings you configure.

For example, one account definition may require username and password, while another may require a password and domain name but no username. Account definitions are created in the Open Mobile Portal.

You can create multiple account definitions as needed, but you must create at least one for use on the iPass network that includes username, password, and domain.

An account definition represents the attributes used to create an account. It does not represent a particular user’s login credentials.

Credential Types

Credential types are highly configurable to accommodate a variety of login and authentication schemes. This allows you take granular control over the user’s login experience. For example, you can control whether or not the user is prompted for a domain prefix when logging in, or whether the prefix is pre-supplied.

  • The values of several attributes may be pre-populated.
  • Field Labels even can be hidden so that the information never needs to be entered by the end user.
Unlike other platforms, for iOS profiles, credentials cannot be re-labeled.

Account credentials can be configured as follows:

  • Username: you can set a username on the account.
  • Password: you can set a password on the account.
  • Domain: You can choose to allow the user to enter the domain, select it from a drop-down list of previously entered domains, or to use a specific domain.
  • Prefix: prefix can be pre-populated or hidden from the end user.
  • Authentication Format: In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign a format to the authentication string for the profile: %a for prefix, %u for username, and %d for domain. Your iPass technical contact will be able to advise you on how to define an alternate authentication format for your Open Mobile profile.

Account Settings

Username

A username is required for authentication on the iPass network. In addition to authentication, this username will be used in reporting statistics.

Password

A password is required for authentication on the iPass network. Although an Open Mobile password can be any number of characters in length, some iPass providers support only a RADIUS limit of 15 characters for password size. As a result, Open Mobile users with passwords longer than 15 characters may encounter issues at some network locations.

Password Encryption

An Open Mobile is encrypted in three ways when it is stored locally: first, by characteristics derived from the user; second, by machine characteristics; and third, using an AES 256 key.

Valid Password Values

An Open Mobile password (for client connections or Portal logins) may include any of these characters:

  • Alphanumeric: A-Z, a-z, 0-9.
  • Special: accent mark (`), approximation mark (~), exclamation point (!), at-sign (@), pound sign (#), dollar sign ($), percentage (%), carat (^), ampersand (&), asterisk (*), left or right parenthesis, dash (-), underscore (_), equals sign( = ), plus sign (+), left or right bracket ({, }), left or right square bracket ([, ]), slash (/), backslash (\), pipe (|), colon( : ), semicolon(;), question mark (?), period (.), apostrophe (‘), comma (,), quotation mark (“), greater than sign(>), less than sign (<), space ( ).

Unicode characters are not supported for Open Mobile passwords.

Domain

A routing domain is required for iPass authentication. The routing domain is used to differentiate one customer’s users from another and is established during the initial setup of service with iPass.

The routing domain need not be a registered Internet domain or even in the format of an Internet domain. However, it must be unique across the iPass customer base.

If the routing domain field is not used for iPass authentication routing, it can be used for authentication routing on the customer network. For instance, in a multiple domain Active Directory model, a domain name may be necessary to differentiate usernames that might exist in more than one domain (for example, jdoe@europe.acme.com instead of jdoe@asia.acme.com).

Fully Qualified Domains: A pre-filled domain may be fully qualified. However, you can you can only configure domains with a root suffix that matches a domain which is already registered to you. For example, if you were configuring a domain for example1.com, then sales.example1.com would be an acceptable fully qualified domain, but sales.example2.com would not be.

Options Description
Pre-Filled Domain You can choose to pre-fill the domain field with a fixed value. If the domain field is used for iPass authentication and only one domain is to be used, then pre-filling the domain field (and making it non-editable) will ensure that the user utilizes the correct domain name.
Drop-Down List You can choose to pre-configure a list of domains from which the user can choose.
User Text Entry Allows users to type in their own domain name. (If the user could be part of a large list of domains, or the profile in use is shared among multiple customers, then this is the most desirable option.)
Allow Edit If enabled, the user can edit the pre-populated domain.
Hide Field You can choose to hide a pre-filled domain field from users completely.

Prefix

If the routing domain field is needed for customer authentication routing, then a routing prefix field can be enabled. If chosen, this value must be unique across the iPass customer base. A routing prefix can be used to differentiate one customer’s users from another. This prefix is typically established during the initial establishment of service with iPass.

Options Description
User Text Entry Allows users to type in the prefix name. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.
Pre-Filled Prefix Administrators can choose to pre-fill the prefix field with a fixed value. This is the most commonly used option.
Allow Edit If enabled, the user can edit the pre-populated prefix. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.
Hide Field You can choose to hide a pre-filled prefix field from users completely. This is the most commonly used option.

Authentication Format

In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign a format to the authentication string for the profile: %a for prefix, %u for username, and %d for domain.

Your iPass technical contact can advise you on how to define an alternate authentication format for an Open Mobile profile.

Go to: Open Mobile for iOS Help

 

©2015 iPass Inc. All rights reserved. Terms of Use