Introduction
ICE stands for "In Case of Emergency."
ICE can be used in emergencies, such as when a user has lost or forgotten to bring their hardware token to the office.
ICE logon procedure generally has emergency code in its logon step, which enables your users to use emergency code.
Authentication with ICE !
In this scenario a user is trying to log onto OWA. It is currently prompting for the OTP...
Unfortunately, they do not have their token with them, but urgently need to access their emails.
They will therefore need to click on the emergency life ring icon on the top right...
The second step now changes to Emergency code.
The Emergency Code will be obtained from the DualShield Emergency Access Console. (Please note that you will need to generate the code on the portal prior to using ICE.)
How to add ICE to an existing application
An additional logon procedure is created for an existing Application (e.g. OWA) that will offer alternative logon steps of Emergency Code
The following procedure will create the new ICE logon procedure and add it to the protected application (as an optional, alternative logon procedure);
Currently OWA has an existing Logon Procedure..
To create an additional ICE Logon Procedure, navigate to "Authentication | Logon Procedures", then click on the
button;
A new window will now open titled "Logon Procedure - New", fill in the details as per the example below, then click
;
Name the new logon procedure with a name that identifies that it will be used as the ICE Logon procedure for OWA, with a type that matches the type of the existing logon procedure, plus the "ICE" checkbox also selected.
Now this new logon procedure has been saved we will need to provide it with logon steps.
Left click on the context menu of the new logon procedure then select the option "Logon Steps", then click on the
button;
A new window will now open titled "Logon Step - New", and select the option "Emergency Code", then click
;
Next we add the newly created logon procedure to the OWA application
Left click on the context menu of the newly created logon procedure, then select the option "Applications";
The logon procedure is assigned by selecting the service "Reset Password Service", then clicking
The OWA application will now have two logon procedures applied to it...
Conclusion
On the surface ICE just provides a means to allow the user to switch to using an alternative logon procedure that will contain alternative logon steps and options to their normal logon procedure.
The users of the protected application will now have the option to use authenticate via the ICE logon procedure.
Please note an application can only have the one ICE logon procedure, but must also include a non-ICE logon procedure.
If an application has an ICE logon procedure but no non-ICE logon procedures, then DualShield will regard this application ill-configured, and the self test will fail.