Recent Changes - Search:

Categories

Authentication Methods-Phone

Authentication Methods - Phone

Tags: Authentication Methods

Problem Definition

You have an installation of PortalGuard and are interested in learning more about using your phone as an authentication method.


Solution

Behavior

Disable Enrollment - Completely prevents users from enrolling in this type of authentication method.

Optional Enrollment - May remind unenrolled users to enroll during each login, but does not force them to.

  • Optional Enrollment Reminders - Three options for reminding unenrolled users:
    • 1. Always - Always prompt the user until they actually enroll
    • 2. Suppressible - Allows users to suppress the enrollment reminder by checking a box on the logon screen
    • 3. Never - Never prompts the user to enroll regardless of their enrollment status

Force Enrollment - Forces users to enroll in this type of self-service before allowing them to login.

  • Maximum Enrollment Deferments - The maximum number of times users can defer/skip enrollment before being forced. Set to 0 to disable this functionality and force users to enroll during their next login.

Confirmation Display of Phone Number - Optionally display the phone number to which the OTP was sent as confirmation. For security purposes, the phone number can be partially obscured or display can be completely prevented.

  • Do not display phone number
  • Obscured – Partially hidden digits
  • Display full phone number

Digits Displayed in Phone Number - For obscured display of phone numbers, the number of right-most digits to show.

Auto-Populate Mobile Phone Number - Synchronizes the user's primary phone in PortalGuard with their phone number in the User Repository. The following conditions apply:

  • Only supported for LDAP-based repositories
  • The User Repository configuration in PortalGuard must have a value set for 'Phone Field' on the 'LDAP Custom' tab
  • The phone's country will be set to the default in the '<PGROOT>\Policies\_PG_Countries.xml' file
  • Email-to-SMS delivery cannot be used since it also requires the user's phone provider. Third party SMS delivery must be utilized to take advantage of this auto-populate feature.

NOTE: No errors will be displayed to the end user if the phone is blank or the feature is misconfigured.

Require Periodic Phone Number Confirmation By End-User - This setting will prompt the user to enter an OTP sent to their phone every 'X' days. This feature is enforced during login to PortalGuard and can be used to ensure the user still has access to their phone. This confirmation can be either optional or required. If the user cancels an optional confirmation, they will be prompted again in the configured number of days. When marked as required, the user cannot login through PortalGuard until they have confirmed their phone number.

Prevent Modification of Phone Information By End-User - Locks the user's phone information and prevents its modification through PortalGuard's self-service features and Account Management page. This option should only be enabled if the phone information is automatically populated.

Allow Backup Phone Enrollment - Controls how many backup phones the user can enroll from the Account Management page. Enrollment of backup phones is always optional.

Allow Enrollment Only From Account Management - Prevents users from enrolling a phone during the Login process at all. This ensures users can only enroll phones from the Account Management page. This is a security feature when 2FA login with phone is enabled. Otherwise users could enroll a phone by providing just a username & password (1FA) and subsequently use it for 2FA.

Page last modified on March 11, 2016, at 04:05 PM