Token Authentication in Mongoose Applications

One option to increase security and control access to your system is to use a token-based authentication service in tandem with the normal Mongoose login credentials. With this type of system, users must enter not only their user IDs and passwords, but also a second password, or passcode, obtained from a hardware or software "token".

To use a token-based authentication service in a Mongoose application, you must:

• Purchase access to the RSA SecurID token authentication service.

  At this time, the RSA SecurID service is the only token authentication service supported in Mongoose. You are responsible for purchasing and setting up this service for your system.

• Configure your Mongoose-based application to work with the token authentication service. This involves these basic procedures:
• Install and configure the Token Authenticator Service on the application (utility) server, using the Mongoose Configuration Wizard. This service is installed and run as an optional IIS service (but is required for token authentication of applications). This service can be used by many Mongoose-based applications simultaneously.

  For more information and the procedure, see the Mongoose Installation Guide.

• Configure the application in the Configuration Manager
• Set the passcode mapping for each user who will be using the service
• Let each user know how to use the token to sign in

Configuring the application in the Configuration Manager

To configure an application to use token-based authentication:

1. Open the Configuration Manager.
2. Select the Application tab.
3. From the list of available applications, select the application you want to configure.
4. Click Edit.
5. In the Edit Application dialog box, select the Advanced tab.
6. Select the Token Authentication option.
7. In the Service URL field provide the complete URL, in HTTP or HTTPS format, for the token authentication service.
8. (Optional but recommended) Click Validate Service to verify that the Mongoose system can make contact with the authentication service.

Setting the user passcode mapping

For users who will be required to use the token authentication service, you might need to provide a passcode mapping as part of the user profile: If the user's Mongoose user ID is the same as the RSA user ID for that user, then you need not provide passcode mapping; the system uses the Mongoose user ID. However, if the Mongoose user ID is different from the RSA user ID, then you must set the passcode mapping for that user.

To set the passcode mapping for a user:

1. Open the Users form and select the user.
2. Select the Login Information tab.
3. In the Token Authentication Support, Passcode Mapping field, specify the RSA user ID.
4. Save and close the Users form.

Letting users know how to sign in with token authentication

After you have configured the Mongoose system to use token authentication, you should let your users know:

• What they can expect when signing in—that is, that they will be required to enter a user ID, password, passcode, and configuration selection.

  NOTE: The Passcode login field displays only if the user selects a configuration that uses an application that is configured to use token-based authentication. This means that, when the user attempts to sign in, the Passcode field does not display until a configuration is selected that requires it.

• How the RSA SecurID token system that you have purchased works—that is, what kind of token they will use, how to obtain the passcode, and how to enter it.

Related Topics

Sign In Dialog Box

Assigning User IDs and Passwords

Users form