Differences

This shows you the differences between two versions of the page.

Link to this comparison view

ios_accounts [2013/05/03 21:43]
cpanell [Authentication Format]
ios_accounts [2014/02/28 21:04] (current)
ybarajas [Authentication Format]
Line 1: Line 1:
 +====== Account Definitions ======
  
 +
 +An //account definition// is comprised of the specific credential types required for a successful login. When logging in to Open Mobile, users are prompted for the required credentials for the account definition, based on the settings you configure.
 +
 +
 +For example, one account definition may require username and password, while another may require a password and domain name but no username. Account definitions are created in the Open Mobile Portal.
 +
 +
 +You can create multiple account definitions as needed, but you must create at least one for use on the iPass network that includes username, password, and domain.
 +
 +
 +<note important>An account definition represents the attributes used to create an account. It does not represent a particular user’s login credentials.</note>
 +===== Credential Types =====
 +
 +
 +Credential types are highly configurable to accommodate a variety of login and authentication schemes. This allows you take granular control over the user’s login experience. For example, you can control whether or not the user is prompted for a domain prefix when logging in, or whether the prefix is pre-supplied.
 +
 +
 +    * The values of several attributes may be pre-populated.
 +    * Field Labels even can be hidden so that the information never needs to be entered by the end user.
 +
 +
 +<note important>Unlike other platforms, for iOS profiles, credentials cannot be re-labeled.</note>
 +
 +
 +Account credentials can be configured as follows:
 +
 +
 +    * **Username: ** you can set a username on the account.
 +    * **Password:**  you can set a password on the account.
 +    * **Domain:**  You can choose to allow the user to enter the domain, select it from a drop-down list of previously entered domains, or to use a specific domain.
 +    * **Prefix:**  prefix can be pre-populated or hidden from the end user.
 +    * **Authentication Format:**  In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign a format to the authentication string for the profile: %a for prefix, %u for username, and %d for domain. Your iPass technical contact will be able to advise you on how to define an alternate authentication format for your Open Mobile profile.
 +===== Account Settings =====
 +
 +==== Username ====
 +
 +
 +A username is required for authentication on the iPass network. In addition to authentication, this username will be used in reporting statistics.
 +
 +
 +==== Password ====
 +
 +
 +A password is required for authentication on the iPass network. Although an Open Mobile password can be any number of characters in length, some iPass providers support only a RADIUS limit of 15 characters for password size. As a result, Open Mobile users with passwords longer than 15 characters may encounter issues at some network locations.
 +
 +
 +=== Password Encryption ===
 +
 +
 +An Open Mobile is encrypted in three ways when it is stored locally: first, by characteristics derived from the user; second, by machine characteristics; and third, using an AES 256 key.
 +
 +
 +=== Valid Password Values ===
 +
 +
 +An Open Mobile password (for client connections or Portal logins) may include any of these characters:
 +
 +
 +    * Alphanumeric: A-Z, a-z, 0-9.
 +    * Special: accent mark (`), approximation mark (~), exclamation point (!), at-sign (@), pound sign (#), dollar sign ($), percentage (%), carat (^), ampersand (&), asterisk (<nowiki>*</nowiki>), left or right parenthesis, dash (-), underscore (_), equals sign( = ), plus sign (+), left or right bracket ({, }), left or right square bracket ([, ]), slash (/), backslash (<nowiki>\</nowiki>), pipe (|), colon( : ), semicolon(;), question mark (?), period (.), apostrophe (‘), comma (,), quotation mark ("), greater than sign(>), less than sign (<), space ( ).
 +
 +
 +Unicode characters are not supported for Open Mobile passwords.
 +
 +
 +==== Domain ====
 +
 +
 +A routing domain is required for iPass authentication. The routing domain is used to differentiate one customer’s users from another and is established during the initial setup of service with iPass.
 +
 +
 +The routing domain need not be a registered Internet domain or even in the format of an Internet domain. However, it must be unique across the iPass customer base.
 +
 +
 +If the routing domain field is not used for iPass authentication routing, it can be used for authentication routing on the customer network. For instance, in a multiple domain Active Directory model, a domain name may be necessary to differentiate usernames that might exist in more than one domain (for example, jdoe@europe.acme.com instead of jdoe@asia.acme.com).
 +
 +
 +**Fully Qualified Domains:**  A pre-filled domain may be fully qualified. However, you can you can only configure domains with a root suffix that matches a domain which is already registered to you. For example, if you were configuring a domain for example1.com, then sales.example1.com would be an acceptable fully qualified domain, but sales.example2.com would not be.
 +
 +
 +^Options ^Description |
 +|**Pre-Filled Domain**  |You can choose to pre-fill the domain field with a fixed value. If the domain field is used for iPass authentication and only one domain is to be used, then pre-filling the domain field (and making it non-editable) will ensure that the user utilizes the correct domain name. |
 +|**Drop-Down List**  |You can choose to pre-configure a list of domains from which the user can choose. |
 +|**User Text Entry**  |Allows users to type in their own domain name. (If the user could be part of a large list of domains, or the profile in use is shared among multiple customers, then this is the most desirable option.) |
 +|**Allow Edit**  |If enabled, the user can edit the pre-populated domain. |
 +|**Hide Field**  |You can choose to hide a pre-filled domain field from users completely. |
 +
 +
 +==== Prefix ====
 +
 +
 +If the routing domain field is needed for customer authentication routing, then a routing prefix field can be enabled. If chosen, this value must be unique across the iPass customer base. A routing prefix can be used to differentiate one customer’s users from another. This prefix is typically established during the initial establishment of service with iPass.
 +
 +
 +^Options ^Description |
 +|**User Text Entry**  |Allows users to type in the prefix name. **Note:** //If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.//  |
 +|**Pre-Filled Prefix**  |Administrators can choose to pre-fill the prefix field with a fixed value. This is the most commonly used option. |
 +|**Allow Edit**  |If enabled, the user can edit the pre-populated prefix. **Note:** //If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.//  |
 +|**Hide Field**  |You can choose to hide a pre-filled prefix field from users completely. This is the most commonly used option. |
 +
 +
 +==== Authentication Format ====
 +
 +
 +In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign a format to the authentication string for the profile: %a for prefix, %u for username, and %d for domain.
 +
 +
 +Your iPass technical contact can advise you on how to define an alternate authentication format for an Open Mobile profile.
 +
 +Go to: **[[ios_help|Open Mobile for iOS Help]]**
 +
 +{{tag>authentication_format password username accounts credentials domain prefix ios}}
 

©2015 iPass Inc. All rights reserved. Terms of Use