2.3 Managing Login Sequences

When you install a login method, you are asked if you want to create a login sequence that uses only the login method you are installing. If you answer yes, a login sequence is created for you that contains just the one login method.

You can also manually create and manage login sequences. After login and post-login methods are installed, you can view, add, modify, or delete login sequences by using iManager. Login sequences are not created when methods are modified or updated.

In NMAS, you can set up multiple login and post-login methods per sequence. You must have at least one login method selected to be able to select a post-login method.

When multiple methods are selected for a sequence, they are executed in the order they are listed. Login methods are executed first, then post-login methods.

A login sequence can be an And or an Or sequence. An And sequence is successful if all of the login methods successfully validate the identity of the user. An Or sequence only requires that one of the login methods validate the identity of the user for the login to be successful.

The post-login methods are only executed if the login is successful, regardless of the And/Or relationship.

After a sequence is created, you can authorize users to use the new sequence to log in to eDirectory.

2.3.1 Creating a New Login Sequence by Using NetIQ iManager

  1. Launch NetIQ iManager.

  2. Authenticate to the eDirectory tree as an administrator or a user with administrative rights.

  3. From the Roles and Tasks menu, click NMAS > NMAS Login Sequences.

  4. Click New and specify a name for the new login sequence.

    All available methods are listed under Available Login Methods and Available Post-Login Methods.

  5. Select the Sequence Type from the drop-down list.

    If you select And, a user must log in using every login method that makes up the login sequence. If you select Or, the user only needs to log in using one of the login methods that makes up the login sequence.

  6. Use the horizontal arrows to add each desired method to the sequence.

    If you are using multiple methods, use the vertical arrows to change the execution order.

    The Sequence Grade field displays the grade for the login sequence. For And sequences, the sequence grade is the union of the grades of the login methods. For Or sequences, the sequence grade is the intersection of the method grades.

  7. Click Finish to save the login sequence.
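
The And/Or success rule, the post-login rule and the sequence grade calculation described above, modeled in Python as an added example (this is not NetIQ code and does not call any NMAS API). The `LoginSequence` class, the method names and the grade labels are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed method names and grade labels for illustration only; they are
# not read from NMAS or eDirectory.
METHOD_GRADES = {
    "password": {"Password"},
    "token": {"Token"},
    "token_with_pin": {"Token", "Password"},
}

@dataclass
class LoginSequence:
    name: str
    seq_type: str                      # "And" or "Or"
    login_methods: list                # executed in listed order
    post_login_methods: list = field(default_factory=list)

    def __post_init__(self):
        if self.seq_type not in ("And", "Or"):
            raise ValueError("sequence type must be And or Or")
        # A post-login method can only be selected once a login method is
        # selected, and a sequence with no methods is not saved.
        if not self.login_methods:
            raise ValueError("at least one login method is required")

def sequence_grade(seq):
    """Union of the method grades for And, intersection for Or."""
    grades = [METHOD_GRADES[m] for m in seq.login_methods]
    combine = set.union if seq.seq_type == "And" else set.intersection
    return combine(*grades)

def evaluate(seq, outcomes):
    """Return (login_ok, post_login_methods_run) for per-method outcomes."""
    results = [outcomes[m] for m in seq.login_methods]
    ok = all(results) if seq.seq_type == "And" else any(results)
    # Post-login methods run only after a successful login, And or Or alike.
    return ok, (list(seq.post_login_methods) if ok else [])

if __name__ == "__main__":
    for kind in ("And", "Or"):
        seq = LoginSequence("demo", kind, ["password", "token"], ["notify"])
        print(kind, sorted(sequence_grade(seq)),
              evaluate(seq, {"password": True, "token": False}))
```

In this model, an Or sequence of `password` and `token` has an empty grade because the two methods share no grade, while the And sequence of the same methods carries both.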

2.3.2 Modifying a Login Sequence

  1. Launch NetIQ iManager.

  2. Authenticate to the eDirectory tree as an administrator or a user with administrative rights.

  3. On the Roles and Tasks menu, click NMAS > NMAS Login Sequences.

  4. Click a login sequence name.

    The sequence grade and sequence type are displayed and the login and post-login methods are listed. All of the available methods appear in the Available Login Methods and Available Post-Login Methods lists.

  5. Select an action:

    • To change the sequence type, use the drop-down list next to sequence type.

    • To add or remove login or post-login methods from a sequence, use the left-arrow and right-arrow.

      NOTE: You must have at least one login method selected in order to select a post-login method.

    • To change the sequence order of the login methods, use the up-arrow and down-arrow.

    • To exit without saving changes, click Cancel.

    IMPORTANT: Login sequences that don't have a method associated with them are not saved.

  6. Click Apply or OK.

2.3.3 Deleting a Login Sequence

  1. Launch NetIQ iManager.

  2. Authenticate to the eDirectory tree as an administrator or a user with administrative rights.

  3. On the Roles and Tasks menu, click NMAS > NMAS Login Sequences.

  4. Select the login sequence you want to delete, then click Delete.

  5. Click Apply or OK.