Swivel Credential Provider 4.4

Swivel Credential Provider Configuration

 

Contents

User Guide

Troubleshooting

Configuring Swivel
 

The Swivel Credential Provider Configuration utility provides a convenient means of configuring the installed Swivel Credential Provider.

NOTE: some configuration of the Swivel server is also necessary to use the Swivel custom login application. See the link at the side for more information.

Server Settings

Server The IP address or hostname of the Swivel server to use for authentication.

Port The TCP/IP port used by the Swivel server. Commonly "8080" or "8443" if SSL is enabled.

Context The web appliaction context used by the Swivel server. Commonly "/pinsafe/" for standard installations.

Secret The shared secret configured for the Login agent.

Confirm Secret Repeat the shared secret to ensure it has been entered correctly.

SSL

Use SSL Enable the use of SSL when communication with the Swivel server. In order to use this option SSL must have been configured on the Swivel server with an appropriate certificate.

Accept self-signed SSL certificates Accept an SSL certificate from the Swivel server that has not been signed by a recognised certificate authority, that does not match the hostname entered, or that has expired.

Authentication modes

Always Selecting this mode enables Swivel authentication for local and remote logins.

Remote Only Selecting this mode enables Swivel authentication for remote logins only. Local logins continue to only require a standard Windows username and password combination.

Never Selecting this mode disables the use of Swivel authentication.

Authentication Options

Show TURing images Enable the ability for users to request a single-channel TURing image from the Swivel server.

Show Request String Enable the ability for users to request a security string to be sent from the Swivel server to their phone or email.

Test Mode When enabled, the standard Windows login is available in addition to Swivel Credential Provider (via Switch User).

Ignore Domain When enabled, any domain prefix (e.g. domain\username) or suffix (e.g. username@domain) will be removed before checking the Swivel username.

Allow Unknown Users Online When enabled, if a username is not recognised as a Swivel user, the user is permitted to authenticate using just their password. If disabled, usernames that are not recognised are not permitted to login.

Allow Unknown Users Offline When enabled, if offline authentication is active and the user has not previously authenticated to Swivel online, they may authenticate using password only. Users that have previously authenticated, and therefore have cached credentials on the local machine, must authenticate using those credentials. If disabled, users that have not previously authenticated online may not authenticate offline.

If Swivel Server unavailable

Options to control how authentication works if the Swivel server cannot be contacted

Fail authentication When enabled, authentication always fails if the Swivel server cannot be contacted.

Use local authentication When enabled, displays a locally-generated TURing image if the Swivel server cannot be contacted.

Use standard authentication When enabled, if the Swivel server cannot be contacted, authentication is by username and password only. The OTC field will still be displayed, but will be ignored.

Always use local auth. When enabled, always displays a locally-generated TURing image and does not attempt to contact the Swivel server.