PINsafe Credential Provider 4.0

PINsafe Credential Provider Configuration

 

Contents

User Guide

Troubleshooting

Configuring PINsafe

 

The PINsafe Credential Provider Configuration utility provides a convenient means of configuring the installed PINsafe Credential Provider.

NOTE: some configuration of the PINsafe server is also necessary to use the PINsafe custom login application. See the link at the side for more information.

Server Settings

Server The IP address or hostname of the PINsafe server to use for authentication.

Port The TCP/IP port used by the PINsafe server. Commonly "8080" or "8443" if SSL is enabled.

Context The web appliaction context used by the PINsafe server. Commonly "/pinsafe/" for standard installations.

Secret The shared secret configured for the Login agent.

Confirm Secret Repeat the shared secret to ensure it has been entered correctly.

SSL

Use SSL Enable the use of SSL when communication with the PINsafe server. In order to use this option SSL must have been configured on the PINsafe server with an appropriate certificate.

Allow self-signed SSL certificates Accept an SSL certificate from the PINsafe server that has not been signed by a recognised certificate authority.

Authentication modes

Always Selecting this mode enables PINsafe authentication for local and remote logins.

Remote Only Selecting this mode enables PINsafe authentication for remote logins only. Local logins continue to only require a standard Windows username and password combination.

Never Selecting this mode disables the use of PINsafe authentication.

Authentication Options

Show TURing images Enable the ability for users to request a single-channel TURing image from the PINsafe server.

Show Request String Enable the ability for users to request a security string to be sent from the PINsafe server to their phone or email.

Test Mode When enabled, the standard Windows login is available in addition to PINsafe Credential Provider (via Switch User).

If PINsafe unavailable

Options to control how authentication works if the PINsafe server cannot be contacted

Fail authentication When enabled, authentication always fails if PINsafe cannot be contacted.

Use local authentication When enabled, displays a locally-generated TURing image if PINsafe cannot be contacted.

Use standard authentication When enabled, if PINsafe cannot be contacted, authentication is by username and password only. The OTC field will still be displayed, but will be ignored.

Always use local auth. When enabled, always displays a locally-generated TURing image and does not attempt to contact PINsafe.