Configure OOB Delivery Gateways

Out-of-band (OOB) delivery gateways and adapters ensure that notifications are sent to the users' mobile devices.

ActivID Appliance supports various types of OOB Delivery Gateways:

  • External servers that deliver SMS messages and passwords, for example a mail server or an SMS server:
    • SMS/Email OTPs can be used through a RADIUS channel or any other channel type
    • SMS/Email OTPs can be triggered through a username/activation code or by the service provider

      The actual SMS/Email OTP is a random number generated by ActivID Appliance and sent to the end user by SMS or Email through a delivery gateway.

      Multiple SMS and/or Email Delivery Gateways can be configured. If the primary gateway fails or there is no delivery address for the primary channel, then a secondary gateway is used automatically.

      Several gateways can be defined for a given Authentication Policy and applied in a given priority order. If a gateway is not operational, the next one is used, following the priority order. This priority order is set in the authentication policy.

  • Services that push notifications from servers to applications on devices. Such services are available for Android, Apple and Windows devices using:

    • Google Cloud Messaging for Android
    • Apple Push Notification Service for Apple
    • Push Notification Service for Windows

Prerequisites:
  • Contact HID Global Customer Services to obtain the Microsoft Azure Hub characteristics (connection string and hub path).
  • Make sure the latest CA root certificates required to connect to the Microsoft Azure Notification Hub infrastructure (for example, Baltimore CyberTrust) are available in the ActivID Appliance truststore.

    For further details about the CAs utilized by Azure, refer to Microsoft Azure Certificate Authorities.

Note: About Forward Proxies

ActivID Appliance connects to Microsoft Azure Notification hubs to send notifications to mobile devices. The ActivID Appliance forward proxy function allows configuring your proxy for this connection.

The proxy parameters in the Azure-based delivery adapters below are deprecated and should not be used.

Note: It is recommended that you use Microsoft Azure-based gateways and adapters for SDK integration.
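
The gateway failover described above for SMS/Email OTPs, modelled as an added example (not ActivID Appliance code): gateways are tried in the policy's priority order, skipping any that fail or for which the user has no delivery address. The `Gateway` class, the gateway names, the addresses and the 6-digit OTP length are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str                 # hypothetical gateway name
    channel: str              # "sms" or "email"
    operational: bool = True  # simulated health of the external server

    def send(self, address: str, message: str) -> None:
        if not self.operational:
            raise ConnectionError(f"{self.name} is not operational")
        # A real gateway would hand the message to the SMS or mail server here.


def generate_otp(digits: int = 6) -> str:
    """Random numeric OTP from the OS CSPRNG, zero-padded (length is an assumption)."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def deliver_otp(policy_gateways, user_addresses, otp):
    """Try gateways in policy priority order.

    Returns (name of the gateway that delivered, or None, and an audit trail).
    The audit trail records outcomes only and never contains the OTP itself.
    """
    attempts = []
    for gw in policy_gateways:
        address = user_addresses.get(gw.channel)
        if not address:
            attempts.append((gw.name, "no delivery address"))
            continue
        try:
            gw.send(address, f"Your one-time password is {otp}")
        except ConnectionError:
            attempts.append((gw.name, "gateway failed"))
            continue
        attempts.append((gw.name, "delivered"))
        return gw.name, attempts
    return None, attempts  # fail closed: no gateway delivered, so no OTP was issued


# Constructed sample policy: primary SMS gateway down, secondary SMS, then email.
POLICY = [Gateway("sms-primary", "sms", operational=False),
          Gateway("sms-secondary", "sms"),
          Gateway("email-backup", "email")]

if __name__ == "__main__":
    user = {"sms": "+15550100", "email": "user@example.com"}  # constructed
    print(deliver_otp(POLICY, user, generate_otp()))
```
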

Create an OOB Delivery Gateway

  1. Log on to the ActivID Management Console as an ActivID Administrator.
  2. Select the Configuration tab and, under Environment, select OOB Delivery Gateway.
  3. Click Add.

Important: The following adapters are deprecated and should not be used:
  • Google Push Delivery adapter
  • Apple Push Notification Delivery adapter
  • Windows Push Notification Delivery adapter
  • SMS BT Delivery Provider adapter

Support for these adapters will be removed in future ActivID Appliance versions.

  4. Enter the main information for the gateway:
    • Name – should be unique for ease of administration.
    • Description – (optional) content is free-format.
  5. From the drop-down list, select the Delivery Provider to define the notification service adapter settings and click Next:

  6. Click Save and proceed to Add an OOB Delivery Gateway to SMS Authentication Policy.

Add an OOB Delivery Gateway to SMS Authentication Policy

After creating an OOB delivery gateway, you must add it to an OOB authentication policy and set a specific channel for the delivery.

Register User and OOB Credentials

Once the gateway is assigned to the authentication policy, you can register a user for OOB authentication.