9.20 Out-of-band

The Out-of-band method lets users perform out-of-band authentication through the Out-of-band (OOB) portal. Out-of-band authentication allows you to use different supported methods in unusual scenarios.

For example, use a fingerprint or card to log in to a VPN (RADIUS authentication), face recognition or a U2F token to log in to an SSH session, and SMS OTP or Smartphone to log in to a z/OS mainframe. The Out-of-band method is enrolled automatically.

Advanced Authentication offers the Out-of-band portal, where users can manage authentication requests and perform authentication. This portal displays all authentication requests when a user tries to authenticate with the Out-of-band method. It works similarly to the Smartphone method. On the portal, a user can accept or reject the authentication request.

To allow users to access the Out-of-band portal, ensure that the following prerequisites are met:

  • Specify the Hostname in the host.domain.com format during the Advanced Authentication server installation. Ensure that the hostname resolves properly through DNS.

    For more information, see Step 7 in Installing Advanced Authentication.

  • Specify the DNS hostname in My DNS hostname when you configure the Advanced Authentication server post-installation.

    For more information, see Step 4 in Configuring Global Master Server.

    NOTE: Ensure the DNS name is resolvable by the specified DNS server.

  • Upload a valid public SSL certificate for the DNS name on the AA servers or a load balancer in Server Options.

    For more information, see Configuring the Server Options.

  • Set the Public URL with the hostname of the Advanced Authentication server (for example, https://host.domain.com/) in Policies > Public External URL.

  • Assign a chain to the OOB UI logon event.

    For more information, see OOB UI Logon Event.
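
A preflight check for the DNS, certificate, and Public URL prerequisites above, added here as an example (it is not part of the Advanced Authentication product or its documentation). The function names, the 30-day expiry threshold, and the reading of "host.domain.com format" as at least three DNS labels are assumptions.

```python
import socket
import ssl
import time
from urllib.parse import urlsplit

def check_public_url(public_url, dns_hostname):
    """Return problems with the Public External URL setting (empty list = OK)."""
    problems = []
    parts = urlsplit(public_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("Public URL must use https")
    # Assumption: "host.domain.com format" means at least three non-empty labels.
    labels = host.split(".")
    if len(labels) < 3 or not all(labels):
        problems.append("hostname is not in host.domain.com format")
    # Assumption: the Public URL host is the same name the certificate covers.
    if host != dns_hostname.lower().rstrip("."):
        problems.append("Public URL host differs from the DNS hostname")
    return problems

def cert_days_left(cert, now=None):
    """Days to expiry for a cert dict as returned by SSLSocket.getpeercert()."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - (now if now is not None else time.time())) // 86400)

def check_live(hostname, port=443, min_days=30):
    """DNS lookup plus a TLS handshake verified against the system's public CAs."""
    try:
        socket.getaddrinfo(hostname, port)
    except socket.gaierror as exc:
        return [f"DNS: {hostname} does not resolve ({exc})"]
    ctx = ssl.create_default_context()  # checks chain, validity dates, hostname
    try:
        with socket.create_connection((hostname, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                days = cert_days_left(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"TLS: certificate rejected for {hostname}: {exc.verify_message}"]
    except OSError as exc:
        return [f"TLS: cannot connect to {hostname}:{port} ({exc})"]
    if days < min_days:
        return [f"TLS: certificate expires in {days} days"]
    return []

if __name__ == "__main__":
    url, name = "https://host.domain.com/", "host.domain.com"  # page's example values
    for problem in check_public_url(url, name) or check_live(name) or ["none"]:
        print("problem:", problem)
```

Run it from a client network rather than from the server itself, so that the DNS answer and certificate chain are the ones users' browsers will see.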

For ease of accessibility, users can install one of the following authentication agents:

In the Push notification max age (minutes) option, you can configure the maximum time (in minutes) for which the push notification is sent to the Authentication Agent for Web or OOB portal on the subscribed device. The subscribed device can be the Authentication Agent for Web on the desktop or an Android smartphone. Apple iOS does not support push notifications for PWA apps. The default value is 525600 minutes (1 year).