Manualshelf

Installation guide

ManualsBrandsCelestix ManualsComputer equipmentMSA 4200 Series
41424344454647484950
Celestix HOTPin Appliance Installation Guide Page | 40
Note: Validation occurs when you click the OK button after
configuring settings.
Primary server IP address/hostenter AD server information.
Secondary server IP address/host optional; enter information for an
additional AD server.
Authenticate against select the authentication service type.
Group membership optional; this feature can be used to restrict end
user access to self-provisioning functionality. If you enter a group name,
only members of that group will be able to use HOTPin.
Authenticate with user email addressselect to enable HOTPin to
get user email addresses from AD in the authorization process. This will
allow end users to enter their email address as the user name when they
import key configuration. You will need to enter a User (domain\user)
name and Password with AD read privileges.
Important:
Email addresses must be entered in the AD user account email
attribute and must also be unique values.
If you select Authenticate with user email address, you
should designate Email Address as the Default HOTPin user
name on the Website Settings tab.
AD Synchronization Compatibility
If you deploy both the AD Synchronization and HOTPin User Website features,
you should limit end user editing functionality to avoid issues where the sync
process overwrites information they might enter. Disable the following user site
features under Create and Edit User Accounts:
Create new user accounts
Edit user account information
User Website Notes
You might need to adjust the appliance firewall settings to allow users to
connect to the user provisioning website; depending on your
deployment, this may include the Windows Firewall, TMG, or an external
firewall.
If the website is disabled, attempts to use the Import from Network
feature in client software will generate an unauthorized access error
message.
The network import option in client software requires that HOTPin user
names match the user’s domain authentication property (based on the
configured settings as discussed above).
Some client software is available from the user site for download, but
some applications must be downloaded from the site associated with