Secure Mobile Access 12.4 Administration Guide

Chained Authentication Login Example

In this example, the system administrator has set up two authentication methods for a realm named Employees.

The primary authentication server uses RADIUS; the Proof prompt (on the Configure Authentication Server page, under Advanced settings) was customized to read Passcode.

The secondary authentication server uses LDAP; the Proof prompt was customized to read Remote access password.

The Advanced settings on the Configure Realm - Employees page show customized Title, Message, and Identity prompts.

Based on these AMC settings, the login screen that users see would look like this:

Because the user names on both authentication servers are the same, the user types his or her username only once.

  • If the user makes an error while entering username or password information, an error message appears (The credentials provided were invalid) and only the prompts for the secondary authentication server are displayed. To re-enter his or her credentials, the user must first go to the original login page by clicking the browser’s Back button.

  • When a username and password are used for both authentication methods, the usernames do not need to be the same (although they typically are). If the primary username is mapped to a role in AMC, such as the AMC Administrator Role, the secondary username does not need to be assigned to the same role. If authentication succeeds on both servers for both usernames, the user is granted access corresponding to the role of the primary username.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.