Identity Attribute Definitions for On-Demand Tokencode Delivery by E-Mail
If you want to deliver on-demand tokencodes by e-mail, you must ensure that Authentication Manager can access the database attribute where you store users’ e-mail addresses.
Use the following table to determine whether additional configuration is required.
| Identity Sources In Your Deployment | Configuration |
| --- | --- |
| Internal database | Select E-Mail to use the e-mail configured for the user and stored in the internal database. Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode. If the e-mail address requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition in the internal database that can store an e-mail address that does not require the user to authenticate with an on-demand tokencode. |
| At least one LDAP directory identity source that contains e-mail addresses | Select E-Mail to use the attribute you mapped to the E-Mail field when you configured the identity source. Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode. If the e-mail address configured in your directory requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition, and map it to an LDAP attribute where you store a user e-mail address that does not require the user to authenticate with an on-demand tokencode. |
| At least one LDAP directory identity source, and you want to use the e-mail address value in the LDAP directory “mail” field. | No attribute mapping required. When you add an LDAP directory, Authentication Manager automatically links to the “mail” attribute in an LDAP directory. When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
| At least one LDAP directory identity source, and you want to use the e-mail address value in an LDAP directory field other than the “mail” field. | You may edit the “E-mail” identity attribute definition in Authentication Manager or create a new one, so that it maps to the LDAP directory attribute that you want to use for e-mail addresses. For more information, see Edit an Identity Source. When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
| At least one LDAP directory identity source, and you want to store user e-mail addresses in the internal database because the LDAP directory does not contain e-mail addresses. | You must create an identity attribute definition for user e-mail addresses that is always stored internally. When you configure on-demand tokencode delivery, select the attribute that you created from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
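
The table warns that a delivery address whose mailbox itself requires on-demand tokencode authentication leaves the user unable to retrieve the tokencode. The following added example (not RSA code) audits a constructed user export for that condition before rollout; the protected-domain list and the `altMail` attribute name are assumptions, and only `mail` comes from this page.

```python
# Assumption: domains whose mailboxes can only be opened after an on-demand
# tokencode login. The administrator supplies this list; it is not product data.
PROTECTED_DOMAINS = {"corp.example.com"}

# Constructed sample export with LDAP-style multi-valued attributes.
# "altMail" is a hypothetical attribute holding an alternate address.
USERS = [
    {"uid": "alice", "mail": ["alice@corp.example.com"],
     "altMail": ["alice@personal.example.net"]},
    {"uid": "bob", "mail": ["Bob@Mail.Corp.Example.COM"]},
    {"uid": "carol", "mail": ["carol@partner.example.org"]},
    {"uid": "dave"},  # no e-mail attribute at all
]

def usable(address, protected=PROTECTED_DOMAINS):
    """True if a tokencode sent here can be read without a tokencode login."""
    local, sep, domain = address.strip().rpartition("@")
    if not (local and sep and domain):
        return False  # malformed value: nothing can be delivered
    domain = domain.lower().rstrip(".")
    # Match the protected domain itself and any subdomain of it.
    return not any(domain == p or domain.endswith("." + p) for p in protected)

def pick_attribute(user, attrs=("mail", "altMail")):
    """Return the first attribute that holds a usable address, else None."""
    for attr in attrs:
        if any(usable(value) for value in user.get(attr, [])):
            return attr
    return None

def audit(users):
    """Map uid -> 'ok', 'map:<attr>' (needs another attribute), or a failure."""
    report = {}
    for user in users:
        attr = pick_attribute(user)
        if attr == "mail":
            report[user["uid"]] = "ok"
        elif attr is not None:
            report[user["uid"]] = "map:" + attr
        else:
            report[user["uid"]] = "no-usable-address"
    return report

if __name__ == "__main__":
    for uid, status in audit(USERS).items():
        print(f"{uid}: {status}")
```

Users reported as `map:<attr>` need an identity attribute definition mapped to that attribute; users reported as `no-usable-address` need an address stored before on-demand delivery by e-mail is enabled for them.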