Secure Mobile Access 12.4 Administration Guide

Configuring the AD or LDAP Directory Server

The schema for your AD or LDAP directory server must include an attribute that contains the email address to which a one-time password will be sent. The local authentication store uses the primaryEmail attribute, which can be configured per user by editing the local user account. See Managing Local User Accounts.

This address is not necessarily the user’s corporate email address. To complete authentication, a user has to be able to open the email containing the OTP; if it is sent to a corporate address, the user may not yet have access to that account.

One-time passwords can be configured to be sent in an email message directly to SMS-capable phones. Contact your cell phone service provider for further information about enabling SMS.

The schema for your directory server (AD or LDAP) must be changed to accommodate an attribute (for example, SMSphone) that contains the SMS address for a given user. The address that you use depends on the user’s number and service provider. The attribute value for a Verizon phone with a U.S. domestic number, for example, looks like this: <10-digit number>
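Before enabling one-time passwords, it helps to confirm that every directory user actually has a usable OTP delivery address. The following is an added example, not part of the SonicWall documentation or product: a Python audit of an LDIF export that flags users whose OTP attribute is missing, is not a full address (for example, a bare 10-digit number), or points at the corporate mail domain. The attribute name SMSphone follows the example above; the sample entries, the example.com corporate domain, and the sms.carrier.example gateway are constructed placeholders.

```python
import base64
import re

# Constructed sample LDIF export (not from a real directory); SMSphone is the assumed OTP attribute.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com
SMSphone: 5555550101@sms.carrier.example

dn: uid=bob,ou=people,dc=example,dc=com
mail: bob@example.com
SMSphone: bob@example.com

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol@example.com

dn: uid=dave,ou=people,dc=example,dc=com
SMSphone:: NTU1NTU1MDEwMg==
"""

ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose user@host.tld shape check

def parse_ldif(text):
    """Yield one dict per entry; unfolds continuation lines, decodes base64 values."""
    unfolded = re.sub(r"\n ", "", text)  # LDIF folds long lines with a leading space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        yield entry

def audit_otp_attribute(text, otp_attr="SMSphone", corporate_domain="example.com"):
    """Return {dn: finding} for entries whose OTP address could block login."""
    findings = {}
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        values = entry.get(otp_attr.lower(), [])
        if not values:
            findings[dn] = "missing"            # no address to send the OTP to
        elif not ADDR_RE.match(values[0]):
            findings[dn] = "malformed"          # e.g. phone number without a gateway domain
        elif values[0].lower().endswith("@" + corporate_domain):
            findings[dn] = "corporate-address"  # mailbox may be unreachable before login
    return findings
```

Calling audit_otp_attribute(SAMPLE_LDIF) returns findings for bob, carol, and dave and none for alice. A "corporate-address" result is a prompt to confirm the user can reach that mailbox before authenticating, not necessarily an error.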
