SmartAuth — combine tokens and passwords
Learn how to create a SmartAuth rule for multiple groups.
Example scenario
Suppose there are three different groups of users: the first group uses tokens (hardware or software), the second uses Pointsharp Password, and the third uses directory passwords. This scenario can be solved with SmartAuth by following the steps below.
Solution
- Create a group in the directory for tokens and one for Pointsharp Password, and add the correct users to each group. In this example a wildcard is used in the SmartAuth rule for the users with directory passwords, so no group is needed for these users.
- Create three authentication methods in the Pointsharp ID Admin GUI (in the Authentication tab): one for Token, one for directory password, and one for Pointsharp Password.
- Create a new SmartAuth authentication method in the Pointsharp ID Admin GUI. In this example it is called SmartAuth Token_AD_PSPass.
- Click Add under Authentication Policy to create the first part of the SmartAuth rule. This example starts with tokens.
- In the SmartAuth Policy window choose:
  "Type" = UserAttribute, "Attribute Name" = memberOf
  For "Matching Pattern", enter the path to the group in your directory. For example:
  CN=OATH,OU=PSIDUsers,DC=test,DC=net
- Choose the authentication method to use, in this case the OATH method.
- Create one more authentication policy for the Pointsharp Password like this:
  "Type" = UserAttribute
  "Matching Pattern", for example: CN=PSPass,OU=PSIDUsers,DC=test,DC=net
  Then add the Pointsharp Password authentication method to this policy.
- Create the last authentication policy for the directory password. Configure it with:
  "Type" = UserAttribute
  Add a wildcard as the matching pattern, like this:
  "Matching Pattern" = *
- Choose the directory password authentication method. Put this rule last. This means that a user who is not in the token group or in the Pointsharp Password group will match the wildcard rule.
- Click OK and apply the rule. Restart the Pointsharp ID Admin GUI service.
The SmartAuth rule is now complete, and rules for three different types of authentication are combined into one rule.
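
The following is an added example, not Pointsharp code: a small offline model of the rule built above that shows which method each user would get and why the wildcard policy must come last. It assumes the policies are checked top to bottom with the first match winning, that group DNs are compared case-insensitively, and that `*` matches every user; the method labels and the user list are constructed for illustration.

```python
# Policies in the order built on this page: (Matching Pattern, method label).
# The method labels are hypothetical names chosen for this example.
POLICIES = [
    ("CN=OATH,OU=PSIDUsers,DC=test,DC=net", "OATH token"),
    ("CN=PSPass,OU=PSIDUsers,DC=test,DC=net", "Pointsharp Password"),
    ("*", "Directory password"),
]

# Constructed sample users with their memberOf values.
USERS = {
    "alice": ["CN=OATH,OU=PSIDUsers,DC=test,DC=net"],
    "bob": ["cn=pspass,ou=psidusers,dc=test,dc=net"],
    "carol": ["CN=Staff,OU=PSIDUsers,DC=test,DC=net"],
    "dave": ["CN=PSPass,OU=PSIDUsers,DC=test,DC=net",
             "CN=OATH,OU=PSIDUsers,DC=test,DC=net"],
    "erin": [],
}


def resolve(member_of, policies=POLICIES):
    """Return the method of the first matching policy, or None if none match."""
    groups = {dn.lower() for dn in member_of}  # assumed case-insensitive match
    for pattern, method in policies:
        if pattern == "*" or pattern.lower() in groups:
            return method
    return None


def shadowed(policies=POLICIES):
    """Methods of policies placed after a wildcard, which can never be reached."""
    for index, (pattern, _) in enumerate(policies):
        if pattern == "*":
            return [method for _, method in policies[index + 1:]]
    return []


def fallback_users(users, policies=POLICIES):
    """Users who only match the wildcard, i.e. fall through to its method."""
    explicit = [p for p in policies if p[0] != "*"]
    return sorted(name for name, groups in users.items()
                  if resolve(groups, explicit) is None
                  and resolve(groups, policies) is not None)


if __name__ == "__main__":
    for name, groups in USERS.items():
        print(f"{name:6} -> {resolve(groups)}")
    print("wildcard fallback:", fallback_users(USERS))
    wrong_order = [POLICIES[2]] + POLICIES[:2]  # wildcard moved to the top
    print("unreachable if wildcard is first:", shadowed(wrong_order))
```

Reviewing the wildcard fallback list before applying the rule shows which accounts will authenticate with only a directory password because they were not added to either group.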