The Workflow tab on a SecureAuth IdP realm configures how end-users access that realm. Workflows include use of Device Recognition (token and certificate properties), options such as authentication modes and URL redirection to other realms or pages, and consumer options such as custom tokens and social identities.
What's new in SecureAuth IdP version 9.3
Two new fields in the Custom Identity Consumer section, Use Kernel Mode and Use AppPool Credentials, enable kernel mode authentication and application pool credentials (Active Directory service account) in environments using custom Service Principal Names for Integrated Windows Authentication (Kerberos).
Workflow guides from the previous release
See the collection of Workflow configuration guides under this category:
- SecureAuth IdP v9.3.
- SecureAuth IdP realm or integrated application with the following configured:
On the New Experience user interface in version 9.3, you can configure an Active Directory integration or SQL Server integration to be applied to applications made from App onboarding library templates. Configure the remaining components – for example, Workflow, Multi-Factor Methods, and Adaptive Authentication tabs – on the Classic Experience user interface.
SecureAuth IdP Web Admin - Classic Experience
Device Recognition Method section
1. Select the Integration Method from the dropdown.
The selection made here alters the options for Client Side Control and IE / PFX / Java Cert Type.
- Select Certificate Enrollment and Validation for web-based authentication (used most frequently, for the majority of application integrations).
- Select Certificate Enrollment Only for X.509 VPN authentication.
- Select Mobile Enrollment and Validation for mobile browser authentication or enrollment (e.g. native mobile apps, OATH enrollment).
2. Select the Client Side Control option from the dropdown.
The selection made here alters the options for IE / PFX / Java Cert Type, and may require additional configuration steps.
3. Select the IE / PFX / Java Cert Type from the dropdown – this selection is based on the security preference.
NOTE: This step is not required if Device / Browser Fingerprinting is selected in step 2.
Certificate / Token Properties section
4. Select Password Expiration Date from the Certificate Expiration dropdown for the certificate to expire on the same day the password expires.
Select Private Mode Cert Length for the certificate to expire after a designated number of days.
5. Select Cert Expiration Date from the Certificate Valid Until dropdown for the certificate to remain valid up until the expiration date.
Select Private Mode Cert Length for the certificate to remain valid during a designated number of days.
6. If Private Mode Cert Length was selected in step 4 or 5, make an entry in the Private Mode Cert Length field to set the number of days the certificate remains valid before it expires.
7. If Certificate Enrollment was selected from the Integration Method dropdown in the Device Recognition Method section, make an entry in the Public Mode Cert Length field to set the number of hours during which the Public Mode Certificate is valid.
8. Make an entry in the Mobile Credential Length field (browser credential) to set the number of hours a cookie delivered to a mobile device remains valid.
9. OPTIONAL: Make an entry in the Global Cert Limit field to set the maximum number of certificates a user can have at a time.
10. OPTIONAL: Make an entry in the Global Mobile Limit field to set the maximum number of mobile cookies a user can have at a time.
11. OPTIONAL: To have SecureAuth IdP check the Certificate Revocation List, select Fall Back to 2nd Factor or Display Error Message from the Check CRL dropdown.
Select Disabled to opt out of checking the CRL.
12. OPTIONAL: Click Configure Email Notification to enable and set up Expired Certificate Warning emails.
13. Save the configuration.
Expired Certificate Warning
A. Select Enabled from the Email Notification dropdown to enable the warning notifications.
B. Select True from the Multiple Certs per User dropdown to notify users of all certificate expirations, rather than just one.
C. Make a selection from the Email Field dropdown to select the Email Property corresponding to the data store field containing the user's email address for receiving notifications.
D. Make an entry in the Warning Period field to set the number of days before the expiration date on which notifications will be sent.
E. Select Daily from the Notification Interval dropdown to send an email notification once per day.
F. Set the Notification Start Time for sending email notifications.
G. Save the configuration.
Browser / Mobile Profiles section
The following configuration steps are only required if Device / Browser Fingerprinting is selected in step 2 as the Client Side Control option.
14. Configure the Device Recognition settings for the realm.