Use this guide to configure the Data tab in the Web Admin for each SecureAuth IdP realm.

This includes directory integration and user profile field mapping.

1. An on-premises directory must be established and ready to integrate with SecureAuth IdP

2. A Service Account must be created for SecureAuth IdP with read privileges to access the data store, and write privileges (optional) to update user information

3. Create a New Realm for the target resource for which the configuration settings will apply, or open an existing realm for which configurations have already been started

4. Configure the Overview tab in the Web Admin before configuring the Data tab

 

1. In the Membership Connection Settings section, select the directory with which SecureAuth IdP will integrate for 2-Factor Authentication and assertion from the Data Store dropdown

2. Follow the distinct configuration steps for the specific data store in additional to the configuration steps on this page

 

3. Select True from the Same As Above dropdown if the profile fields used for authentication (telephone number, email address, knowledge-based questions) are all contained in the data stored selected in step 1

Select False if a different data store will be used to contain the profile fields, and select the data store type from the Default Profile Provider dropdown

No configuration is required in this section if True is selected from the Same As Above dropdown (step 3)

 

4. If False is selected from the Same As Above dropdown (step 3), select which data store type from the Data Store dropdown will be the Default Profile Provider dropdown from which user profile information will be pulled (e.g. Directory Server)

5. Follow the distinct configuration steps for the specific data store in addition to the configuration steps on this page

This section is only required for LDAP data stores

For SQL Server directories, refer to SQL User Data Store Tables and Stored Procedures Configuration Guide to create the profile mapping

For ASPNETDB directories, refer to ASPNETDB Configuration Guide to configure to data store to work with SecureAuth IdP

6. Map the SecureAuth IdP Property to the appropriate data store Field

For example, Groups is located in the memberOf data store Field

7. Change the Source from Default Provider if another directory is enabled in the Profile Connection Settings section and contains the Property

8. Check Writeable for a Property that will be changed in the data store by SecureAuth IdP

For example, user account information (telephone number) or authentication mechanisms (knowledge-based questions, fingerprints)

The Data Format section states how the information is stored in the directory (not available for all Profile Properties):

  • Plain Text: Stored as regular text, readable (default)
  • Standard Encryption: Stored and encrypted using RSA encryption
  • Advanced Encryption: Stored and encrypted using AES encryption
  • Standard Hash: Stored and encrypted using SHA 256 hash
  • Plain Binary: Stored as a binary representation of the data (uses a .NET library to make it binary – may not be readable by all applications)
  • JSON: Stored in a universal format, readable by all applications (similar to Plain Text)

The Fields listed are only examples as each data store is organized differently and may have different values for each Property

 

9. Click Add Property if a required Property is not listed

10. Enter property name and click Add

11. The new Property will appear at the bottom of the list and can then be mapped to the appropriate data store Field

Refer to LDAP Attributes / SecureAuth IdP Profile Properties Data Mapping for more information

 

12. Add any additional identities or user information that is not stored in the on-premises data store but will be used in assertion (optional)

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes