Openotp Credential Provider For Mac

by gesantioge1980 2020. 3. 25. 17:38


Product Documentation

This document is an installation guide for the OpenOTP Credential Provider for Mac OSX. The installation and configuration of WebADM, including token registration, are therefore not covered in this guide.

For installation and usage guides to WebADM, refer to the RCDevs WebADM Installation Guide and the RCDevs WebADM Administrator Guide available through the.

Product Overview

The OpenOTP Credential Provider for Mac OSX is a component that integrates RCDevs OpenOTP one-time password authentication into the Mac OSX login process. The RCDevs OpenOTP Authentication Server is a WebApp that is tightly coupled to the RCDevs WebADM application server. For this recipe, you will need to have WebADM/OpenOTP installed and configured. Please, refer to and to do it.

Preliminary Information

Administrative/elevated permissions are necessary on any Mac OS to correctly set up and/or change the OpenOTP Credential Provider's configuration.

To correctly set up the provider, please gather the following information, which you will need to enter during the installation process:

- The URI(s) of the OpenOTP web-service(s) (mandatory). These URIs are mandatory: the client needs to know where the OpenOTP SOAP network API can be reached. At least one URI is necessary.
- A custom login text or tile caption (optional). A text that is displayed on the Mac OS login pane.
- A client ID (optional). An ID to identify a particular client on the server side.
- The WebADM certificate authority (CA) file (mandatory for offline login).
- SOAP timeout delay (optional).

4. Installation and Configuration

The Credential Provider's setup and configuration take about 5 minutes. The installer is the only utility needed to set up and configure the provider.

The provider can be automatically deployed to your clients.

4.1 Local Installation

First, you have to download OpenOTP Credential Provider for Mac OS available on. Extract the files from the archive on your Mac and run the pkg file. The installer will start. On the first screen, click the Continue button and then click Install. The installer will ask you to enter your credentials to continue the installation. Enter your credentials and click Install software. After that, another window appears: click Next and you are on the first configuration page.

On this page, you have to configure the OpenOTP service URL(s). The request timeout is set to 30 seconds by default and we advise you to keep this default value. A client ID can be configured to match a client policy on the WebADM/OpenOTP server. To have more information on how to configure a client policy, have a look. The UPN mode can be set to Implicit or Explicit. You can then click Next. On the next screen, some advanced features can be configured.

Every setting here is optional. The Certificate Authority File setting expects the CA certificate of your WebADM instance. The WebADM CA certificate can be downloaded at. Note that the WebADM CA is mandatory to use the Offline authentication mode. The next setting is HTTP Proxy. Configure your HTTP proxy and port if needed. The Server Selection Policy setting allows you to set up how failover works. You have 3 options: Ordered, Balanced and Consistent.

The next setting is the Offline mode. Offline mode allows users to log in on the machine even if the WebADM/OpenOTP servers are not available. The offline mode requires a Push Login infrastructure in place and the OpenOTP Software Token application on your mobile.

Have a look here for more information about. The last settings allow you to configure a custom login text and a custom logo.

Configuration is done. You can click the Done button and the installation is finished.

Note: Before logging out to perform a login with an OTP, we advise you to start an SSH session and keep this session open until you have performed a successful login. If, for any reason, OpenOTP Credential Provider for Mac OS is not able to contact the WebADM/OpenOTP server, you will not be able to log in on your Mac anymore. If that is the case, with the SSH session previously opened, you will be able to execute the uninstall script provided with the installer package to remove the plugin from your Mac and log in again.

4.2 Modifying the Configuration

After the installation, you can modify the configuration by editing this file:

    vi /Library/Security/SecurityAgentPlugins/OpenOTPAuthPlugin.bundle/Contents/Resources/config.plist

Which looks like this:

Please have a look to know how to configure a push login infrastructure. I'm now on the login screen of my Mac and I have to enter my username and password. I press Enter and a push login request is sent to my mobile phone. I press the Approve button and I am logged in to my Mac.

Prerequisites

A first online login is required to enable offline login mode! If you attempt to log in directly with an offline connection, it will not work. You must have a working Push Login infrastructure to use the offline mode.

When your laptop is offline, you are now able to log in with an OTP. For this test, I stop the WebADM services to simulate the offline mode. As above, enter your LDAP credentials on the first screen. OpenOTP Credential Provider for Mac OS is not able to contact the OpenOTP server, so it will switch automatically to the offline mode. The offline mode will prompt you with a QRCode.

You have to scan this QRCode with the OpenOTP Token application. Open your OpenOTP Token application, press the camera button and scan the QRCode. After scanning the QRCode, a window with an OTP is displayed on your smartphone like below: Enter your OTP and you are logged in.
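
The following Python script is an added example, not part of the RCDevs documentation: it audits the config.plist from section 4.2 after a manual edit and before you log out, since a broken or tampered file can lock you out or redirect authentication. Because the configuration listing is missing from this page, the script makes no assumption about key names and inspects every string value instead. It assumes Python 3 is available on the Mac and that the file should be owned by root and not writable by group or others.

```python
"""Audit the OpenOTP login plugin's config.plist (added example)."""
import os
import plistlib
import stat
import sys

# Path quoted in section 4.2 of the guide.
CONFIG = ("/Library/Security/SecurityAgentPlugins/"
          "OpenOTPAuthPlugin.bundle/Contents/Resources/config.plist")

def strings(node):
    """Yield every string value in a parsed plist, whatever its key is named."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def audit(path=CONFIG, expected_uid=0):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    st = os.stat(path)
    # Assumption of this example: only root may own or modify the file.
    if st.st_uid != expected_uid:
        findings.append(f"owner is uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    try:
        with open(path, "rb") as fh:
            config = plistlib.load(fh)
    except Exception as exc:  # e.g. XML left malformed by a manual edit
        return findings + [f"not a valid plist: {exc}"]
    urls = [s for s in strings(config)
            if s.lower().startswith(("http://", "https://"))]
    if not urls:
        findings.append("no service URL found; at least one is mandatory")
    # Any http:// value is flagged: requests to it would travel unencrypted.
    findings += [f"cleartext URL: {u}" for u in urls
                 if u.lower().startswith("http://")]
    return findings

if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else CONFIG)
    print("\n".join(f"WARN: {p}" for p in problems) or "OK: nothing flagged")
    sys.exit(1 if problems else 0)
```

Run it from the SSH session you keep open during the first OTP login test; a non-zero exit status means at least one finding was printed.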