First factor⚓︎
What is meant by first factor?⚓︎
It is a process that regulates access to our system.
Requirements⚓︎
With the user setting Edit first factor you have the possibility to define another factor for authentication than the standard password.
Factors⚓︎
Smartcard (only on FullClient)⚓︎
The configuration is done via the user setting First factor.
Hint
This option is only valid for users in master key mode
Be Aware
The smartcard logon tries to determine whether the certificate belongs to the user to be logged on based on the applicant in the smartcard certificate. This is done using regex, the default regex ^{username}[.@\\/-_:]({domain})$ or ^({domain})[.@\\/-_:]({username})$ is applied to the applicant. In this case, {username} is replaced with the user to be registered and {domain} is replaced with the domain in the AD profile in the regex and if the regex query is positive, the user is registered. If the format of your applicant in your certificates is not compatible with these two regex queries, you must set a custom regex query in the Admin Client. Please note that {username} for username and {domain} for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters.
In addition, the smartcard certificate must of course also be valid on the server!
Fido2 (only at the WebClient)⚓︎
Requirement⚓︎
For Fido2 it is mandatory that SMTP is configured. In addition, an e-mail address must be stored for the AD users.
Furthermore, the URL of the WebClient must be stored in the Admin Client:
Configuration⚓︎
The configuration is done via the user setting First Factor.
As soon as an AD user logs on to the WebClient, he gets the following prompt:
In the email box of the corresponding user the further configuration takes place:
Created: 2022-09-05