Use this guide to configure the System Info tab in the Web Admin for each SecureAuth IdP realm.

This includes cloud services, certificate authorities, and proxy integrations.

This tab is mostly for reference and requires no configuration unless a proxy integration is required, SCEP is being used, or there are specific preferences

1. Create a New Realm for the target resource for which the configuration settings will apply, or open an existing realm for which configurations have already been started

2. Configure the Overview, Data, Workflow, Registration Methods / Multi-Factor Methods, Post Authentication, and Logs tabs in the Web Admin before configuring the System Info tab

3. (For Proxy Integrations) Have an established Proxy Server

4. (For SCEP) Have Issuing CA (Certificate Authority) running on Windows 2008 Enterprise edition to enable SCEP/NDES functionality

5. Have SCEP / NDES (Network Device Enrollment Service) service already pre-installed and functional

6. Have the Certification Authority's (root and intermediates) certificate distribution point available to all clients (internal and/or external) to allow access to the AIA and CDP files (CRT and CRL files)

7. Have SCEP / NDES Listener URL

The Registration Methods tab in SecureAuth IdP Version 9.0 has been renamed Multi-Factor Methods as of Version 9.0.1


1. In the System Info section, the SecureAuth Version number is provided for reference

2. Click Decrypt to decrypt the web.config file, which can then be viewed in its entirety (not required)

3. Plugin information is provided for reference, and no configuration is required unless a specific version is required (not typical)


4. Select True from the Certificate Use WSE 3.0, Telephony Use WSE 3.0, SMS Use WSE 3.0, Push Use WSE 3.0, and Trx Use WSE 3.0 dropdowns if SecureAuth IdP is to use message-level security (WSE 3.0 / WCF) to make a web service call to issue a certificate (default), and leave the URL fields at their defaults

Select False if a Proxy integration is required (see below for additional configuration steps)

5. Click Test to ensure that the connection is working properly

These configurations must be completed in each realm that utilizes the proxy, and in the Admin Realm (SecureAuth0)


6. Select False from the Use SCEP dropdown and keep the default values unless SCEP is being utilized

If using SCEP, refer to the configuration steps below

Refer to Outbound SCEP Configuration Guide or Inbound SCEP from MobileIron VSP Configuration Guide for full instructions

1. Select True from the Use SCEP dropdown

2. Leave the SCEP Web Service URL as the default unless the web service is being hosted in a different location

3. Set the SCEP / NDES URL as the SCEP / NDES Listener URL

4. Select False for Inbound SCEP Request

If SecureAuth IdP is to receive inbound SCEP calls from MobileIron, select True


7. Select False from the Use Proxy Server dropdown and keep the default values unless a proxy integration is required

If a proxy integration is required, refer to the Proxy Configuration Steps in the WSE 3.0 / WCF Configuration section


8. Provide the Public IP Address if NAT is used to alter the SecureAuth IdP IP Address to a Public IP Address

9. List the IP Addresses (if any) of devices between the user and SecureAuth IdP (proxy, load balancer, gateway, etc.) separated by commas

10. Leave the IP Http Header Field Name as default unless a different Field Name is required
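
As an added illustration (not SecureAuth code, and not taken from this guide) of why steps 9 and 10 matter, the sketch below shows a common way a server derives the client address from a forwarding header when it knows which intermediate devices to trust. The header name `X-Forwarded-For`, the function names, and the sample addresses are assumptions; the product's own logic and default header name are not documented on this page.

```python
import ipaddress

def parse_proxy_list(setting):
    """Parse a comma-separated list of proxy / load balancer IPs (step 9 format)."""
    return {ipaddress.ip_address(p.strip()) for p in setting.split(",") if p.strip()}

def resolve_client_ip(peer_ip, headers, proxy_setting, header_name="X-Forwarded-For"):
    """Return the client IP, honouring the header only across listed devices.

    peer_ip       -- address of the TCP peer that connected to the server
    headers       -- dict of request headers
    proxy_setting -- comma-separated IPs of devices between user and server
    header_name   -- forwarding header to read (assumed name, see lead-in)
    """
    trusted = parse_proxy_list(proxy_setting)
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        # Direct or unlisted peer: the header is client-controlled, ignore it.
        return str(peer)
    value = next((v for k, v in headers.items()
                  if k.lower() == header_name.lower()), "")
    hops = [h.strip() for h in value.split(",") if h.strip()]
    candidate = peer
    # Each proxy appends the address it saw, so walk from the right and
    # stop at the first address that is not one of the listed devices.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = addr
        if addr not in trusted:
            break
    return str(candidate)

if __name__ == "__main__":
    # Constructed sample: the user prepended a forged entry (203.0.113.9);
    # the listed load balancer 10.0.0.5 appended the real source address.
    sample = {"X-Forwarded-For": "203.0.113.9, 198.51.100.7"}
    print(resolve_client_ip("10.0.0.5", sample, "10.0.0.5, 10.0.0.6"))
    # An unlisted peer sending the same header is taken at its own address.
    print(resolve_client_ip("192.0.2.44", sample, "10.0.0.5"))
```

If a second device sits in the path but is missing from the list, its own address is returned as the client, which is why every intermediate device needs to be listed.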


11. No configuration is required in the License Info section, and the Cert Serial Nbr is typically the same as the Client Cert Serial Nbr in the WSE 3.0 / WCF Configuration section


12. Select Default from the SAN, DC 1, and DC 2 dropdowns to use the default certificate settings

Select Custom to customize a SAN, DC 1, or DC 2 property in a certificate

Select the Field(s) from the Custom SAN / DC 1 / DC 2 dropdown and click Add to customize the property

13. Select No DC 3 from the DC 3 dropdown to eliminate the DC 3 property from the certificate; select Hard drive serial number hash to include the DC 3 property as the hard drive serial number hash

14. Select the hashing algorithm to be used for certificate signing requests from the Certificate Key Identifier dropdown


15. Select True for Force Frame Break Out to enable SecureAuth IdP pages to break out of iFrame web pages

NOTE: This section applies only to SQL, ODBC, and Oracle data stores


16. Set the Max Length for User ID (number of characters)

17. Set the Max Length for Password (number of characters)

18. Set the Max Length for OTP (number of digits)

19. Set the Max Length for KBA (number of characters)

If no limit, set to 0 (default)

20. Create a list of Disallowed Keywords, comma separated

Click Save once the configurations have been completed and before leaving the System Info page to avoid losing changes


21. Click "Click to view Web Config Backups" to view backups and see modifications that have been made

22. Click "Click to edit Web Config file" to view the entire web.config file, review it, and make modifications


View configuration changes and open backup files


View the web.config file and make any code modifications here

Click Save once the configurations have been completed and before leaving the Web Config File page to avoid losing changes