Documentation

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

Introduction

Use this guide to configure the Data tab in the Web Admin for each SecureAuth IdP realm.

This includes directory integration and user profile field mapping.

Prerequisites

1. An on-premises directory must be established and ready to integrate with SecureAuth IdP

2. A Service Account must be created for SecureAuth IdP with read privileges to access the data store, and write privileges (optional) to update user information

3. Create a New Realm for the target resource for which the configuration settings will apply, or open an existing realm for which configurations have already been started

4. Configure the Overview tab in the Web Admin before configuring the Data tab

Data Configuration Steps

 

1. In the Membership Connection Settings section, select the directory with which SecureAuth IdP will integrate for 2-Factor Authentication and assertion from the Data Store dropdown

2. Follow the distinct configuration steps for the specific data store in additional to the configuration steps on this page

Profile Provider Settings

 

3. Select True from the Same As Above dropdown if the profile fields used for authentication (telephone number, email address, knowledge-based questions) are all contained in the data stored selected in step 1

Select False if a different data store will be used to contain the profile fields, and select the data store type from the Default Profile Provider dropdown

Profile Connection Settings

No configuration is required in this section if True is selected from the Same As Above dropdown (step 3)

 

4. If False is selected from the Same As Above dropdown (step 3), select which data store type from the Data Store dropdown will be the Default Profile Provider dropdown from which user profile information will be pulled (e.g. Directory Server)

5. Follow the distinct configuration steps for the specific data store in addition to the configuration steps on this page

Profile Fields

This section is only required for LDAP and ODBC data stores

For SQL Server directories, refer to SQL User Data Store Tables and Stored Procedures Configuration Guide to create the profile mapping

For ASPNETDB directories, refer to ASP.NET DB Profile Mapping Configuration Guide to configure to data store to work with SecureAuth IdP

6. Map the SecureAuth IdP Property to the appropriate data store Field

For example, Groups is located in the memberOf data store Field

7. Change the Source from Default Provider if another directory is enabled in the Profile Connection Settings section and contains the Property

8. Check Writeable for a Property that will be changed in the data store by SecureAuth IdP

For example, user account information (telephone number) or authentication mechanisms (knowledge-based questions, fingerprints)

The Fields listed are only examples as each data store is organized differently and may have different values for each Property

 

9. Click Add Property if a required Property is not listed

10. Enter property name and click Add

11. The new Property will appear at the bottom of the list and can then be mapped to the appropriate data store Field

Global Aux Fields

 

12. Add any additional identities or user information that is not stored in the on-premises data store but will be used in assertion (optional)

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

  • No labels