When a user attempts to login to access a protected service using OOBA, the DualShield server will push a login request to the user via the mobile data network.

The Deepnet MobileID app on the user’s phone receives the login request and prompts user to accept or deny by simply pressing the button on the app's screen.

The OOBA Push Policy settings specify timing and authentication options in a section "OOBA-PUSH" of the Mobile ID Policy;

 



This option allows the system manager to To enable or Disable Out-of-Band Authentication implemented over mobile data networks (Mobile Push).  


In DualShield 6, OOBA registration and verification functions are provided by the DualShield SSO service. In a DualShield system in which there are multiple DualShield SSO servers, e.g. one in the frontend and one in the backend, then you must specify the SSO server that is to be used for OOBA by entering the FQDN of the SSO server in this entry..


This option allows the system administrator to either force the user to verify their password when registering a new device, or only ask the user to verify if the link session timed out.

  • Always ask user to verify password when registering a new device
    When a user attempts to register a device for OOBA, password authentication is required.

  • Only ask user to verify if the link session timed out
    When the registration link has timed out, password authentication is required.


Defines the time out period (in seconds) of the registration link.


Defines the time out period (in seconds) of the logon request.


If this option is enabled, then users must be verified by the specified local authentication in order to approve a push authentication request.


This method will determine if a local authentication method is to be used when authenticating (local authentication is performed after receiving the push message).

  • None
    No additional Authentication is performed other than sending back a OOBA Push response.

  • PIN (OS)
    Operating system based PIN is required before the OOBA Push message can be confirmed.

  • Fingerprint (OS)
    Operating system based fingerprint authentication is required before the OOBA Push message can be confirmed (currently only apple fingerpirnt is supported).

  • Fingerprint (OS) Only
    Operating system based fingerprint authentication is used when confirming OOBA Push messages (currently only apple fingerpirnt is supported)

  • PIN (APP)
    The MobileID app based PIN is required before the OOBA Push message can confirmed.
  • No labels