Identity Attribute Definitions for On-Demand Tokencode Delivery by E-Mail

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

If you want to deliver on-demand tokencodes by e-mail, you must ensure that Authentication Manager 8.2 can access the database attribute where you store users’ e-mail addresses.

Use the following table to determine whether additional configuration is required.

                               

Identity Sources In Your Deployment

Configuration

Internal database

Select E-Mail to use the e-mail configured for the user and stored in the internal database.

Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode.

If the e-mail address requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition in the internal database that can store an e-mail address that does not require the user to authenticate with an on-demand tokencode.

At least one LDAP directory identity source that contains e-mail addresses

Select E-Mail to use the attribute you mapped to the E-Mail field when you configured the identity source.

Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode.

If the e-mail address configured in your directory requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition, and map it to an LDAP attribute where you store a user e-mail address that does not require the user to authenticate with an on-demand tokencode.

At least one LDAP directory identity source, and you want to use the e-mail address value in the LDAP directory “mail” field.

No attribute mapping required.

When you add an LDAP directory, Authentication Manager 8.2 automatically links to the “mail” attribute in an LDAP directory.

When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page.

At least one LDAP directory identity source, and you want to use the e-mail address value in an LDAP directory field other than the “mail” field.

You may edit the “E-mail” identity attribute definition in Authentication Manager 8.2 or create a new one, so that it maps to the LDAP directory attribute that you want to use for e-mail addresses. For more information, see Edit an Identity Source.

When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page.

At least one LDAP directory identity source, and you want to store user e-mail addresses in the internal database because the LDAP directory does not contain e-mail addresses.

You must create an identity attribute definition for user e-mail addresses that is always stored internally.

When you configure on-demand tokencode delivery, select the attribute that you created from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page.

 

 


Attachments

    Outcomes