Before an application can be created, a logon procedure must be created first.
Click the "CREATE" button on the toolbar
In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"
In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"
Click the "SAVE" button to save it.
Now that a new logon procedure is created, you want to add logon steps.
Navigate to Authentication | Logon Procedures
Click the context menu icon "..." of the application to be edited, e.g. "Office 365"
select "Logon Steps" to bring up the logon steps editor
To add a logon step, click the "ADD" button
Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password"
Click the "SAVE" button to save it
You can change the order of the steps by clicking the "UP" and "DOWN" buttons.
The type of logon procedure for LDAP integration must be LDAP Agent.
Once a logon procedure has been created, you need to add logon steps into the newly created logon procedure.
LDAP integration is typically used to add two-factor authentication to network devices that support user authentication via LDAP. In order to provide two-factor authentication without changing the network device, the common practise is to concatenate passwords from both factors, i.e. Account Password (Static Password) and One-Time Password (OTP), to form a type of new password called “passcode”. DualShield provides and supports the following types of passcodes:
- Static Password
- One-Time Password
- One-Time Password + Static Password
- Static Password + One-Time Password
For instances, if the user’s Static Password is “mypass” and the One-Time Password is “123456” then the passcode entered into the VPN client can be one of the following:
- mypass
- 123456
- 123456mypass
- mypass123456
To provide One-Step Logon you will create a logon procedure with only one logon step.
