An account definition is comprised of the specific credential types required for a successful login. When logging in to Open Mobile, users are prompted for the required credentials for the account definition, based on the settings you configure.
For example, one account definition may require username and password, while another may require a password and domain name but no username. Account definitions are created in the Open Mobile Portal.
Credential types are highly configurable to accommodate a variety of login and authentication schemes. This allows you take granular control over the user’s login experience. For example, you can control whether or not the user is prompted for a domain prefix when logging in, or whether the prefix is pre-supplied.
Account credentials can be configured as follows:
An account name identifies the account. Some examples of account names:
When defining a user account, the administrator can configure a description that will appear in the prompt the user will receive when entering that account name. Use a description that might help the user remember the username and password for this account. Some examples:
A username is required for authentication on the iPass network. In addition to authentication, this username will be used in reporting statistics.
Option | Description |
---|---|
Field Label | The label for the Username field can be changed. For example, if your organization uses employee IDs for user accounts, the label for the username field can be changed to read Employee ID, which would help instruct the user as to what value to use for this account. Note: There is a 20 character limit. |
A password is required for authentication on the iPass network. Although an Open Mobile password can be any number of characters in length, some iPass providers support only a RADIUS limit of 15 characters for password size. As a result, Open Mobile users with passwords longer than 15 characters may encounter issues at some network locations.
Option | Description |
---|---|
Field Label | The label for the Password field can be changed. For example, if you configured the label for username to be Email Username, you could also configure the label for the password to be Email Password. Note: There is a 20 character limit. |
Save Password | iPass Open Mobile can be configured to allow the user to save the password. (Cache duration must be set at Forever.) |
iSEEL: (Supported on Open Mobile 2.3.0 for Mac and later) If a password is transmitted over the iPass network, local encryption is not used. Instead, public key cryptography (specifically, elliptical curve cryptography) is used to encrypt it. The password is not decrypted until it reaches the iPass POD Transaction Center. This encryption scheme is known as iSEEL (iPass End-to-End Encrypted Login).
iSEEL is an integral part of the iPass network and cannot be disabled. However, iSEEL is not enabled for locations that cannot support it.
Depending on the type of connection, there may be additional encryption with iSEEL.
An Open Mobile password (for client connections or Portal logins) may include any of these characters:
Unicode characters are not supported for Open Mobile passwords.
A routing domain is required for iPass authentication. The routing domain is used to differentiate one customer’s users from another and is established during the initial setup of service with iPass.
The routing domain does not have to be a registered Internet domain or even in the format of an Internet domain. However, it must be unique across the iPass customer base.
Options | Description |
---|---|
Field Label | The label for the Domain field can be changed. Note: There is a 20 character limit. |
User Text Entry | Allows users to type in their own domain name. (If the user could be part of a large list of domains, or the profile in use is shared among multiple customers, then this is the most desirable option.) |
Hide Field | You can choose to hide a pre-filled domain field from users completely. |
If the routing domain field is needed for customer authentication routing, then a routing prefix field can be enabled. If chosen, this value must be unique across the iPass customer base. A routing prefix can be used to differentiate one customer’s users from another. This prefix is typically established during the initial establishment of service with iPass.
Options | Description |
---|---|
Field Label | The label for the Prefix field can be changed. Note: There is a 20 character limit. |
User Text Entry | Allows users to type in the prefix name. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option. |
Pre-Filled Prefix | Administrators can choose to pre-fill the prefix field with a fixed value. This is the most commonly used option. |
Allow Edit | If enabled, the user can edit the pre-populated prefix. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option. |
Hide Field | You can choose to hide a pre-filled prefix field from users completely. This is the most commonly used option. |
In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign attributes to the authentication string for the profile, for example %a for prefix, %u for username, and %d for domain. Each attribute (prefix, username, etc.) added to the authentication string has to be enabled for the Account.
Your iPass technical contact can advise you on how to define an alternate authentication format for an Open Mobile profile. For more information please see the Portal Guide.
Go to: Open Mobile for Mac Help