Account Definitions

An account definition is comprised of the specific credential types required for a successful login. When logging in to Open Mobile, users are prompted for the required credentials for the account definition, based on the settings you configure.

For example, one account definition may require username and password, while another may require a password and domain name but no username. Account definitions are created in the Open Mobile Portal.

An account definition represents the attributes used to create an account. It does not represent a particular user’s login credentials.

Credential Types

Credential types are highly configurable to accommodate a variety of login and authentication schemes. This allows you take granular control over the user’s login experience. For example, you can control whether or not the user is prompted for a domain prefix when logging in, or whether the prefix is pre-supplied.

  • Some field labels for accounts in Open Mobile can be changed and customized.
  • The values of several attributes may be pre-populated.
  • Field Labels even can be hidden so that the information never needs to be entered by the end user.

Account credentials can be configured as follows:

  • Username: You can assign username as a credential.
  • Password: You can control whether Open Mobile caches the password.
  • Domain: domain can be re-labeled. You can also choose to allow the user to enter the domain, select it from a drop-down list of previously entered domains, or to use a specific domain.
  • Prefix: prefix can be re-labeled, pre-populated, and hidden from the end user.
  • Authentication Format: In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign a format to the authentication string for the profile: %a for prefix, %u for username, and %d for domain. Your iPass technical contact will be able to advise you on how to define an alternate authentication format for your Open Mobile profile.

Account Settings

Account Name

An account name identifies the account. Some examples of account names:

  • Internet
  • VPN

Account Description

When defining a user account, the administrator can configure a description that will appear in the prompt the user will receive when entering that account name. Use a description that might help the user remember the username and password for this account. Some examples:

  • “This is the same username/password used for Acme Corporation email accounts.”
  • “This is your corporate username/password.”

Username

A username is required for authentication on the iPass network. In addition to authentication, this username will be used in reporting statistics.

Option Description
Field Label The label for the Username field can be changed. For example, if your organization uses employee IDs for user accounts, the label for the username field can be changed to read Employee ID, which would help instruct the user as to what value to use for this account. Note: There is a 20 character limit.

Password

A password is required for authentication on the iPass network. Although an Open Mobile password can be any number of characters in length, some iPass providers support only a RADIUS limit of 15 characters for password size. As a result, Open Mobile users with passwords longer than 15 characters may encounter issues at some network locations.

Option Description
Field Label The label for the Password field can be changed. For example, if you configured the label for username to be Email Username, you could also configure the label for the password to be Email Password. Note: There is a 20 character limit.
Save Password iPass Open Mobile can be configured to allow the user to save the password. (Cache duration must be set at Forever.)

iSEEL: (Supported on Open Mobile 2.3.0 for Mac and later) If a password is transmitted over the iPass network, local encryption is not used. Instead, public key cryptography (specifically, elliptical curve cryptography) is used to encrypt it. The password is not decrypted until it reaches the iPass POD Transaction Center. This encryption scheme is known as iSEEL (iPass End-to-End Encrypted Login).

iSEEL is an integral part of the iPass network and cannot be disabled. However, iSEEL is not enabled for locations that cannot support it.

Depending on the type of connection, there may be additional encryption with iSEEL.

  • For instance, with a Wi-Fi connection, the iSEEL-encrypted password would be passed through SSL encryption because of the SSL communication between PC and Wi-Fi gateway.
  • For iSEEL-enabled locations, the total limit of username, plus password, plus domain name, is 34 characters.

Valid Password Values

An Open Mobile password (for client connections or Portal logins) may include any of these characters:

  • Alphanumeric: A-Z, a-z, 0-9.
  • Special: accent mark (`), approximation mark (~), exclamation point (!), at-sign (@), pound sign (#), dollar sign ($), percentage (%), carat (^), ampersand (&), asterisk (*), left or right parenthesis, dash (-), underscore (_), equals sign( = ), plus sign (+), left or right bracket ({ }), left or right square bracket ([ ]), slash (/), backslash (\), pipe (|), colon( : ), semicolon(;), question mark (?), period (.), apostrophe (‘), comma (,), quotation mark (“), greater than sign(>), less than sign (<), space ( ).

Unicode characters are not supported for Open Mobile passwords.

Domain

A routing domain is required for iPass authentication. The routing domain is used to differentiate one customer’s users from another and is established during the initial setup of service with iPass.

The routing domain does not have to be a registered Internet domain or even in the format of an Internet domain. However, it must be unique across the iPass customer base.

Options Description
Field Label The label for the Domain field can be changed. Note: There is a 20 character limit.
User Text Entry Allows users to type in their own domain name. (If the user could be part of a large list of domains, or the profile in use is shared among multiple customers, then this is the most desirable option.)
Hide Field You can choose to hide a pre-filled domain field from users completely.

Prefix

If the routing domain field is needed for customer authentication routing, then a routing prefix field can be enabled. If chosen, this value must be unique across the iPass customer base. A routing prefix can be used to differentiate one customer’s users from another. This prefix is typically established during the initial establishment of service with iPass.

Options Description
Field Label The label for the Prefix field can be changed. Note: There is a 20 character limit.
User Text Entry Allows users to type in the prefix name. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.
Pre-Filled Prefix Administrators can choose to pre-fill the prefix field with a fixed value. This is the most commonly used option.
Allow Edit If enabled, the user can edit the pre-populated prefix. Note: If the prefix is not recognized by iPass, the connection will not succeed. As a result, it is recommended that you disable this option.
Hide Field You can choose to hide a pre-filled prefix field from users completely. This is the most commonly used option.

Authentication Format

In some cases, an authentication format that differs from the standard iPass authentication may be desired. You can use any of the following tokens to assign attributes to the authentication string for the profile, for example %a for prefix, %u for username, and %d for domain. Each attribute (prefix, username, etc.) added to the authentication string has to be enabled for the Account.

Your iPass technical contact can advise you on how to define an alternate authentication format for an Open Mobile profile. For more information please see the Portal Guide.

Go to: Open Mobile for Mac Help



 

©2015 iPass Inc. All rights reserved. Terms of Use