Procedures for Configuring Connections to the ActivID Authentication Server

You can also issue smart cards containing SKI Symmetric Key Infrastructure or OATH Open Authentication applications using the ActivID Authentication Server (AS). The ActivID AS can manage a heterogeneous end-user population and supports multiple authentication channels, different types of authenticators and authentication policies. The SKI and OATH applications allow the user to access resources (for example, different applications or computers) using a dynamic password generated by a smart card. This authentication method requires the ActivID AS to manage access to the resources.

So that it can manage SKI/OATH credentials, ActivID CMS communicates with one or more ActivID ASs. Managing SKI/OATH credentials includes the following SKI/OATH key-related operations:

Issuing
Revoking
Suspending
Resuming

It does NOT, however, include the following operations:

SKI/OATH credential resynchronization based on One-Time Password
SKI/OATH credential resynchronization based on Clock and Counter
Emergency Password The emergency password temporarily replaces an OTP (one-time password) where a user has either forgotten or lost his or her device. management
SKI/OATH Authentication Logs display
User's SKI/OATH Information display

Important: These operations cannot be performed using the ActivID CMS Operator Portal or the User Portal; they must be performed using the ActivID Authentication Server Management Console.

Procedure 1: Adding a Connection to an ActivID Authentication Server or ActivID Appliance

Prerequisites: Before you begin, make sure that:

An ActivID Authentication server / Appliance SKI Connector for ActivID CMS is running.
ActivID CMS is connected to the ActivID Authentication server / Appliance SKI Connector.
You have the administrator credentials to authenticate to the ActivID Authentication server / Appliance.
You have the rights to create a new ActivID Authentication server / Appliance or duplicate an existing server.

Go to the Repositories Management page.
To create a new server, click Add Authentication Server.
From the Provider drop-down list, select ActivID Authentication Server.
From the Template drop-down list, accept the default template.
Click Submit. The AAA Authentication, Authorization, and Accounting Administration Server Creation page appears:
Enter the appropriate information:
- Name—Enter a name for the ActivID Authentication Server / Appliance (which must be unique within ActivID CMS).
- Host—Enter the name or IP address of the computer system hosting the ActivID Authentication Server / Appliance.
- Port—Accept the default value (443).
- User Name—Enter the username used by ActivID CMS to connect to the ActivID Authentication Server / Appliance.
  
  Note: By default, the ActivID AS username for ActivID CMS is “spl-cmsadmin”.
- User Password—Enter the password used by ActivID CMS for the ActivID Authentication Server / Appliance user.
- Authentication Policy—Accept the default value (AT_SYSLOG).
- Channel Code—Accept the default value (CH_CMS).
- Security Domain—Enter the security domain identifier. This identifier has to be previously configured in the ActivID Authentication Server / Appliance.
Click Test to verify that the connection is working.
Click Create to declare the new server.

Procedure 2: Updating a Connection to an ActivID Authentication Server or ActivID Appliance

Note: For security reasons, the password is not retrieved during an update. You cannot modify the Name field.

Go to the Repositories Management page.

Locate the ActivID AS / Appliance connection you want to update in the Authentication Servers panel on the page, in the Name column.
In the Action column, click Update. The Authentication Server Update page appears.
Modify the information as required.
Click Test to verify that the connection is working.
Click Update.
When the confirmation message appears, click Done.