Secure Mobile Access 12.4 Administration Guide

Technical Documentation>  Authentication>  Network and Authentication Configuration>  Managing User Authentication>  Configuring Local User Storage
Table of Contents

Configuring Local User Storage

You can create local user accounts in AMC and then map them to a local authentication repository. For information on creating local user accounts, see Managing Local User Accounts.

Only one local user store can be created on the appliance.

To configure local user authentication

  1. In the AMC, navigate to System Configuration > Authentication Servers.

  2. Click New.

  3. Click Local users (if a local store already exists, this option is dimmed).

  4. In the Name field, type a name for the authentication server.

  5. In the Password policy area, specify the minimum and maximum number of characters allowed for passwords. The minimum can be as few as 8, and the maximum can be as many as 12.

    Option Description
    Lowercase To specify that user passwords must contain at least one lowercase character
    Uppercase To specify that user passwords must contain at least one uppercase character.
    Numeric digits (9-0) To specify that user passwords must contain at least one number (0-9).
    Symbols To specify that user passwords must contain at least one symbolic character ( ~`!@#$%^&*()_-+={}[]|\:;"'<,>.?/ ).

    UTF-8 characters are supported in the password.

  6. In the Password expiration area, select the Passwords expire after checkbox. Clear the checkbox to allow user passwords to never expire.

    • Enter the number of days after which user passwords will expire. The default is 60 days ; minimum is 1 day, and the maximum is 365 days.

  7. Select the Begin prompting user checkbox and enter the number of days before expiration that the user will be prompted to change the password. The default is 14 days.

  8. To change the prompts and other text that Windows users see when they log in, expand the Advanced section.

  9. Select the Customize authentication server prompts checkbox.

    The page title, message, and login prompts can all be customized. For example, if an employee ID number is used to identify a user, you could change the text for the Identity prompt from Username to Employee ID. If this configuration is being used for testing, a customized Message could point to test procedures or other instructions.

  10. Enter the password or other proof of identity into the Proof field.

  11. In the One-Time Passwords area, to configure two-factor authentication with one-time passwords, select Use one-time passwords with this authentication server.
  12. Define the password format by entering the number and type of characters into the Passwords contain field.

  13. In the From address field, enter the email address from which one-time passwords will be sent.

  14. In the Default domain field, optionally enter the domain to be appended to each user name to create an email address for local users to which one-time passwords will be sent.

  15. You can override the default domain by configuring an email address for each local user in the Email Address field.

    This email address will be available as a User attribute type policy variable named primaryEmail. One email address per user is supported.

  16. Click the Send test message button to send a test email message to verify that the message, password, and SMTP settings are correct.

  17. In the Subject field, enter the text for the subject line when e-mailing the one-time password.

  18. In the Body field, enter the content of the email that will contain the one-time password. (For more information about one-time passwords, see Using One-Time Passwords for Added Security.)

  19. Click Save.