PhenixID Password Self Service

This article explains how to configure the PhenixID Password Self Service (PPSS) scenario.

This article does NOT explain how to configure PPSS itself. To install and configure PPSS, please review the documentation at http://support.phenixid.se/sbs/step-by-step-phenixid-scenario-ppss/

Configure PhenixID Native Server

Specify the address and port that the PhenixID server should listen on for incoming one-time password requests. If you use the default values, it will listen on all available IP addresses on port 3100.

Settings for PhenixID Password Self Service (PPSS)

Add the IP address of the PPSS server.

If you enable encryption, all data between the PPSS and the PhenixID server will be encrypted.

Note: You also need to enable this in PPSS.

Select delivery method(s)

Select the delivery methods that you will support.

Depending on your choice, some of the upcoming configuration steps may not be available.

Configure PhenixID Message Gateway

Select existing or create new Message Gateway configuration.

To create a new Message Gateway configuration, follow the steps in the Message Gateway settings guide.

Click 'Test connection' to verify.

Configure SMTP server

Select existing or create new SMTP configuration.

To create a new SMTP configuration, follow the steps in the SMTP settings guide.

Configure PIN code settings

If using a PIN code, enable it, then configure the PIN code placement and the userstore attribute that contains the PIN code.

Userstore selection

Select existing or create new primary userstore.

To create a new connection, follow the steps in the LDAP connection guide.

User search settings

Enter a search filter. This will be used to locate the authenticating user. Configure the search base either by clicking "Choose" and browsing, or by manually entering the search base root. None of the values may be blank.

Example to login using email as username:

mail={{request.User-Name}}

The following example will only allow users that are members of the OTP-GROUP and have a title starting with Manager.

(&(sAMAccountName={{request.User-Name}})(memberof=cn=OTP-GROUP,ou=groups,dc=phenixid,dc=local)(title=Manager*))
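To check which users a search filter admits before saving it, the sketch below evaluates the two filters above against a few directory entries. It is an added example, not PhenixID code: the sample entries are constructed, the function names are hypothetical, and escaping the user name per RFC 4515 when expanding the placeholder is this example's own choice rather than documented PhenixID behaviour.

```python
import re

PLACEHOLDER = "{{request.User-Name}}"

def expand(template, username):
    # Escape filter metacharacters (RFC 4515) so the name is matched literally.
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in username)
    filt = template.replace(PLACEHOLDER, safe)
    return filt if filt.startswith("(") else "(" + filt + ")"

def parse(f, i=0):
    """Parse the filter item starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def unescape(s):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)

def matches(node, entry):
    if node[0] in "&|":
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # Equality/substring item; '*' is a wildcard. Case-insensitive string
    # comparison is a simplification of the directory's matching rules.
    pattern = ".*".join(re.escape(unescape(p)) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in entry.get(node[1], []))

def allowed(template, username, entries):
    tree, _ = parse(expand(template, username))
    return [e["samaccountname"][0] for e in entries if matches(tree, e)]

GROUP = "CN=OTP-GROUP,OU=groups,DC=phenixid,DC=local"
USERS = [  # constructed sample entries, not real directory data
    {"samaccountname": ["alice"], "mail": ["alice@phenixid.local"], "title": ["Manager EMEA"], "memberof": [GROUP]},
    {"samaccountname": ["bob"], "mail": ["bob@phenixid.local"], "title": ["Senior Manager"], "memberof": [GROUP]},
    {"samaccountname": ["carol"], "mail": ["carol@phenixid.local"], "title": ["Manager"], "memberof": []},
]
FILTER = "(&(sAMAccountName={{request.User-Name}})(memberof=cn=OTP-GROUP,ou=groups,dc=phenixid,dc=local)(title=Manager*))"
```

Only alice passes the group filter: bob's title does not start with Manager (the wildcard is a prefix match), and carol is not a member of OTP-GROUP.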

Summary

Review the summary and click Create.

After a couple of seconds the RADIUS server is ready to handle incoming authentication requests.

Edit configuration

Additional configuration or deletion is done by expanding the heading and clicking the desired name of what needs to be edited.