Login / Password

Log in to CFS with your Tenant Administrator account and navigate to Authentication | Login / Password.

Configuration

  • Enable the Login / Password authentication on CFS Master and / or CFS Proxy.
  • Enter the name of the attribute that will be used to identify the user in the identity store to validate the credentials.
  • Enter the message that tells your users which identifier to use when logging in (e.g. Username or Email Address).
  • Every authentication method is associated with a Level of Assurance (LOA). This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they log in with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

This is the login page when you enable Login / Password authentication.

RSA SecurID

You can configure RSA SecurID to be embedded into the Login / Password form.

  • Enable the feature.
  • Enter the URL of the RSA server, including the port your Authentication API listens on. Please refer to the RSA documentation to ensure you have the authentication API configured properly.
  • Enter the Access Key for the authentication API.
  • Enter the authentication agent name that is used with the authentication API. Please refer to the RSA documentation linked above for how to configure the agent.
  • Enter the FID attribute that corresponds to your users' User ID in RSA.
  • Enter text to help your users provide the correct information in the form.
  • Every authentication method is associated with a Level of Assurance (LOA). This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they log in with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

This is the login page when you enable RSA SecurID in the Login / Password form.

Two-Step Verification

RadiantOne CFS has its own two-step verification system.

  • You can force two-step verification for every user trying to log in with Login / Password authentication.
  • You can allow users to verify their identity with a smartphone application for the two-step verification.
  • Every authentication method is associated with a Level of Assurance (LOA). This level can be used to enforce access permissions for applications. To indicate the LOA a person will be associated with when they log in with a login / password, select the appropriate value from the "Level of Assurance" drop-down list.

Note: This feature cannot be combined with RSA SecurID.

When a user logs in using a login / password, they will be asked to provide a temporary password.

  • If they are using a smartphone application, they can choose "I have a code" and enter the one provided by the application. See how to enable two-step verification for the user.
  • They can request an email containing the temporary code.
  • If the external service Twilio is configured, they can request a text message or a phone call.

Yubico

RadiantOne CFS supports external two-step authentication (one-time password) with a Yubico hardware token. By default, you can use YubiCloud as the authentication server, but you can also host your own server and use it with CFS.

Once you enable YubiKeys for the users, they will be prompted on the login page to provide the one-time password.

Note: To associate the users with a YubiKey, see the Tenant Administrator documentation.

Passthrough

You can indicate which claims are stored for later use (these can be passed through and sent to applications/relying parties if needed). These claims can be defined as a constant value or as something returned from the specific authentication method. Click the New Passthrough button and then click Edit to define the claim, either with the wizard or manually. When using the wizard, the "Input" function/option indicates the possible claims (if any) that can come from the authentication method. To delete configured passthrough claims, click the delete button.

Click the "Save" button to save your configuration.