
Setting up the Message Delivery Component


14.2 Setting up the Message Delivery Component

All the instructions described in this section need to be completed in the IDENTIKEY Appliance Configuration Tool.

The Message Delivery Component (MDC) is necessary to support Virtual DIGIPASS authentication. The MDC interfaces with a gateway service to send a One Time Password to a User’s mobile phone, an email address or via voice message. The MDC acts as a service, accepting messages from the IDENTIKEY Appliance which are then forwarded to an email address or to a text message gateway via the HTTP/HTTPS protocol.

14.2.1 SMS Gateway Configuration

Since every gateway uses different submission parameters, certain settings are required, which can be configured through the IDENTIKEY Appliance Configuration Tool. Depending on the type of gateway server to use, different configurations are possible. The settings required are listed below. To configure SMS gateway settings with an SMS server, you need to enter the following information in the IDENTIKEY Appliance Configuration Tool:

Name – display name of the MDC profile; ad-hoc field used primarily to describe and further identify the profile

Profile – actual name of the MDC profile

Enabled – if selected, this gateway is enabled

The URL to access the gateway server

The user name and password for the gateway account

The required query string

The query method (GET or POST) required by the gateway

To configure SMS gateway settings with an SMPP server, you need to enter the following information in the IDENTIKEY Appliance Configuration Tool:

Name – display name of the MDC profile; ad-hoc field used primarily to describe and further identify the profile

Profile – actual name of the MDC profile

Enabled – if selected, this gateway is enabled

The URL to access the gateway server

The port used to connect to the gateway

The user name and password for the gateway account

The SMPP system type

The SMPP source address number and Numbering Plan Indicator (NPI)

The SMPP destination address NPI

First contact your gateway provider for this information, and if you have any difficulties, please contact your supplier.

MDC for SMS gateway setup requires the following steps:

1. Select Authentication Server > Message Delivery Component in the IDENTIKEY Appliance Configuration Tool.

2. Enable the Message Delivery Component settings.

3. Select the type of server to be used by clicking Add SMS Server or Add SMPP Server.

4. Complete the fields for the selected server with the information gathered above.

5. Click Add to activate the settings.

Image 64: Message Delivery Component Screen

Result options which can be configured for MDC setup allow messages returned from the gateway to be modified. Modifications allow more user-friendly feedback to be forwarded to the auditing system. For information on how to configure result options, please refer to the IDENTIKEY Appliance Administrator Reference Guide.

How to set up Virtual DIGIPASS

For more information on Auditing, please see section 21.4 Auditing and also refer to the Auditing section in the IDENTIKEY Appliance Product Guide. For more information on the fields available for MDC setup, please refer to the IDENTIKEY Appliance Administrator Reference Guide.

14.2.2 Email Gateway Configuration

To configure email gateway settings, you need to enter the following information in the IDENTIKEY Appliance Configuration Tool:

Name – display name of the MDC profile; ad-hoc field used primarily to describe and further identify the profile

Profile – actual name of the MDC profile

Enabled – if selected, this gateway is enabled

The URL to access the gateway server

The SMTP relay host, port and connection security (No SSL/TLS, Use SSL or Use TLS). If SSL or TLS is used, a certificate is required, which needs to be retrieved from the Email Gateway. This needs to be uploaded in PEM format.

SMTP authentication (optional)

From address

MDC for email gateway setup requires the following steps in the IDENTIKEY Appliance Configuration Tool:

1. Select Authentication Server > Message Delivery Component in the IDENTIKEY Appliance Configuration Tool.

2. Enable the Message Delivery Component settings.

3. Click the Add SMTP Server button.

4. Complete the fields with the necessary information.

5. Click Add to activate the settings.

Image 65: System > Settings screen
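Added example (not from the product documentation): one way to retrieve the relay's certificate in PEM format for the upload described above, and to compute a SHA-256 fingerprint to compare with the value reported by the mail administrator before the file is trusted. It assumes "Use SSL" means TLS from the start of the connection and "Use TLS" means STARTTLS; the function names are hypothetical.

```python
import hashlib
import hmac
import smtplib
import socket
import ssl
import sys

def fetch_relay_cert_pem(host, port, security, timeout=10):
    """Return the relay's leaf certificate as PEM text.

    Assumption: "Use SSL" = TLS from the first byte, "Use TLS" = STARTTLS.
    """
    if security not in ("Use SSL", "Use TLS"):
        raise ValueError("no certificate is involved with %r" % security)
    # Nothing is trusted yet, so verification is disabled for this fetch only;
    # trust comes from checking the fingerprint out of band afterwards.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if security == "Use SSL":
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    else:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            der = smtp.sock.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)

def sha256_fingerprint(pem):
    """SHA-256 of the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_matches(pem, expected):
    """Compare against a fingerprint obtained from the mail administrator."""
    clean = expected.replace(":", "").replace(" ", "").upper()
    actual = sha256_fingerprint(pem).replace(":", "")
    return hmac.compare_digest(actual, clean)

if __name__ == "__main__":
    # Usage: script.py <host> <port> "Use SSL"|"Use TLS" [expected-fingerprint]
    host, port, security = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    pem = fetch_relay_cert_pem(host, port, security)
    print(pem, sha256_fingerprint(pem), sep="\n")
    if len(sys.argv) > 4:
        print("match" if fingerprint_matches(pem, sys.argv[4]) else "MISMATCH")
```

A mismatch between the fetched fingerprint and the administrator's value means the certificate should not be uploaded until the difference is explained.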

14.2.3 Voice Gateway Configuration

To configure voice gateway settings, you need to enter the following information in the IDENTIKEY Appliance Configuration Tool:

Name – display name of the MDC profile; ad-hoc field used primarily to describe and further identify the profile

Profile – actual name of the MDC profile

Enabled – if selected, this gateway is enabled

The URL to access the gateway server

The user name and password for the gateway account

The phone number prefix for the voice settings

The required query string


MDC for voice gateway setup requires the following steps in the IDENTIKEY Appliance Configuration Tool:

1. Select Authentication Server > Message Delivery Component in the IDENTIKEY Appliance Configuration Tool.

2. Enable the Message Delivery Component settings.

3. Click the Add Voice Server button.

4. Complete the fields with the necessary information.

5. Click Add to activate the settings.

14.2.4 SMS/Email Message Configuration

To customize the message sent by the MDC, access the Message Settings screen. To do so, navigate to Authentication Server > Message Settings.

Image 66: Message Settings

To designate where the One Time Password appears in the message, use the variable [OTP].
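Added example (not part of the product documentation or the Configuration Tool): a pre-deployment check over the gateway fields and message template described in sections 14.2.1 to 14.2.4, flagging settings that would expose the One Time Password or gateway credentials in transit. The dictionary keys, finding codes and hosts are hypothetical, and the gateway definition file format is not modelled.

```python
from urllib.parse import urlsplit

OTP_VAR = "[OTP]"  # the message variable from section 14.2.4

WHY = {
    "http-cleartext": "OTP and gateway password cross the network unencrypted",
    "url-userinfo": "credentials are embedded in the gateway URL",
    "get-method": "query string (OTP, password) typically lands in access logs",
    "smtp-cleartext": "OTP mail and any SMTP credentials are relayed unencrypted",
    "smtp-no-cert": "SSL/TLS selected but no PEM certificate supplied",
    "no-otp-var": "message template never delivers the One Time Password",
}

def lint_http(gw):
    """Checks for an SMS or voice gateway reached over HTTP/HTTPS."""
    url, out = urlsplit(gw["url"]), []
    if url.scheme.lower() != "https":
        out.append("http-cleartext")
    if url.username or url.password:
        out.append("url-userinfo")
    if gw["method"].upper() == "GET":
        out.append("get-method")
    return out

def lint_smtp(gw):
    """Checks for an email gateway profile."""
    if gw["security"] == "No SSL/TLS":
        return ["smtp-cleartext"]
    return [] if gw.get("certificate_pem") else ["smtp-no-cert"]

def lint_template(text):
    """The message must contain the OTP variable to be of any use."""
    return [] if OTP_VAR in text else ["no-otp-var"]

# Constructed sample profiles; hosts and key names are illustrative only.
SAMPLES = {
    "sms-legacy": ("http", {"url": "http://sms.example.com/send", "method": "GET"}),
    "sms-hardened": ("http", {"url": "https://sms.example.com/send", "method": "POST"}),
    "mail-plain": ("smtp", {"security": "No SSL/TLS"}),
    "mail-tls": ("smtp", {"security": "Use TLS", "certificate_pem": "relay.pem"}),
}

def lint_all(samples=SAMPLES):
    check = {"http": lint_http, "smtp": lint_smtp}
    return {name: check[kind](gw) for name, (kind, gw) in samples.items()}

if __name__ == "__main__":
    for name, codes in lint_all().items():
        print(name, [(c, WHY[c]) for c in codes] or "ok")
    print(lint_template("Your login code is [OTP]"), lint_template("Your login code"))
```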

14.2.5 Importing and Exporting Gateway Definitions

The IDENTIKEY Appliance Configuration Tool allows you to import and export gateway definitions. This allows you

IDENTIKEY Appliance instances or to import gateway settings from IDENTIKEY Authentication Server to IDENTIKEY Appliance (and vice versa).

The Import feature also makes it easier to apply gateway settings for supported third-party SMS gateway provider services.

To import a gateway definition:

1. Select Authentication Server > Message Delivery Component in the IDENTIKEY Appliance Configuration Tool.

2. Select the required delivery method.

3. Enable that delivery method by selecting the corresponding check box.

4. Click the Import gateway button.

5. Browse to the gateway description file and click the Import button.

6. Edit the newly imported file and check the imported details from the file.

7. Configure load-balancing, failover, and/or failback by specifying:

a. the order in which the gateway definition appears on the gateway list; do so by dragging the gateway to the required position in the table in the overview screen.

b. the Server Type (Primary or Backup) in the details screen of the relevant gateway.

8. Click the Apply button.

9. Click the OK button.


14.3 Editing an IDENTIKEY Appliance Policy

Policies can be edited to use a:

Primary Virtual DIGIPASS

Backup Virtual DIGIPASS

or both

With a Backup Virtual DIGIPASS, restrictions are possible by time or number of uses. For guidance on implementing Virtual DIGIPASS and restrictions, please refer to the IDENTIKEY Appliance Product Guide, Virtual DIGIPASS section.

You may need to read the policy information in the Product Guide before following these instructions.

14.3.1 Primary Virtual DIGIPASS

Set Up Policy

1. Open the Administration Web Interface.

2. Click on Policies -> List.

3. Select the policy in which you wish to enable the use of Virtual DIGIPASS.

4. Click on the Virtual DIGIPASS tab.

5. Click Edit.

6. Select a Virtual DIGIPASS Delivery Method – Email, SMS or Voice.

7. Select one of the following options as the Request Method:

Keyword – user enters the Request Keyword into the password field.

Password – user enters their static password only into the password field.

KeywordPassword – user enters the Request Keyword, followed by their static password, into the password field.

PasswordKeyword – user enters their static password, followed by the Request Keyword, into the password field.

KeywordOnly

None

8. If you have selected an option which includes the use of a Request Keyword, enter it in the PVDP Request Keyword field.

9. Click on Save.

14.3.2 Backup Virtual DIGIPASS

Permitted, Not Mandatory

1. Open the Administration Web Interface.

2. Click on Policies -> List.

3. Select the Policy in which you wish to enable the use of Virtual DIGIPASS.

4. Click Edit.

5. Click on the Virtual DIGIPASS tab.

6. Select a Virtual DIGIPASS Delivery Method – Email, SMS or Voice.

7. Select Yes – Permitted from the Enable Backup VDP drop down list.

8. If desired, enter a maximum number of uses. This will be calculated for each person using a Backup Virtual DIGIPASS.

9. Click on Save.

Permitted, Not Mandatory, Time-Limited

1. Open the Administration Web Interface.

2. Click on Policies -> List.

3. Select the policy in which you wish to enable the use of Virtual DIGIPASS.

4. Click Edit.

5. Click on the Virtual DIGIPASS tab.

6. Select a Virtual DIGIPASS Delivery Method – Email, SMS or Voice.

7. Select Yes – Time Limited from the Enable Backup VDP drop down list.

8. Enter a time limit (in days) into the Time Limit field. At the end of this time period – calculated from their first use – the user will no longer be permitted to use a Backup Virtual DIGIPASS.

9. If desired, enter a maximum number of uses. This will be calculated for each person using a Backup Virtual DIGIPASS.

Mandatory

1. Open the Administration Web Interface.

2. Click on Policies -> List.

3. Select the Policy in which you wish to enable the use of Virtual DIGIPASS.

4. Click Edit.

5. Click on the Virtual DIGIPASS tab.

6. Select a Virtual DIGIPASS Delivery Method – Email, SMS or Voice.

7. Select Yes – Required from the Enable Backup VDP drop down list.

8. If desired, enter a maximum number of uses. This will be calculated for each person using a Backup Virtual DIGIPASS.

9. Click on Save.


Backup Virtual DIGIPASS may also be enabled for individual users, via each DIGIPASS record. Settings in the user record overrule equivalent policy settings.
