In password-and-device, the user provides their IBM® Security Verify password, and the authentication is then verified through the IBM Verify application on their mobile device. The user must configure their device in IBM Security Verify.
The auth-method you set must match the authentication method you set for users in IBM Security Verify. The user's device must have connectivity to the IBM Security Verify Access system.
- Instruct the user to install the IBM Verify application on their mobile device.
- Instruct the user to open https://hostname.ice.ibmcloud.com/ui and log in to their IBM Security Verify account.
- Instruct the user to perform the following steps:
  - Click the person icon and click Security settings.
  - Click Add new.
  - Click Next: Connect your account.
  - Launch the IBM Verify application on their mobile device.
  - Choose Use Touch ID.
  - Tap to connect a new account.
  - Scan the QR Code on the IBM Security Verify web page using the device’s camera.
  - Allow IBM Verify to send you notifications.
  - On the IBM Security Verify web page, click Verify.
  - On the device, click the check mark and enter your fingerprint to verify the device.
  - On the IBM Security Verify web page, click Done.
  The device is listed on the user's web page under IBM Verify.
- In the installation directory on your Windows system where you installed IBM Verify Gateway for RADIUS, edit the IbmRadiusConfig.json configuration file to set the auth-method to password-and-device:
  {
    "address":"::",
    "port":1812,
    "trace-file":"c:/directory-name/ibm-auth-api.log",
    "ibm-auth-api":{
      "client-id":"client-id",
      "client-secret":"client-secret",
      "protocol":"https",
      "host":"hostname.ice.ibmcloud.com",
      "port":443,
      "max-handles":16
    },
    "clients":[
      {
        "name":"hostname.company.com",
        "address":"ip-address",
        "secret":"your-secret",
        "auth-method":"password-and-device"
      }
    ]
  }
- Save the changes.
- In password-and-device authentication, the login flow is as follows:
  - The user must provide their IBM Security Verify password.
  - The authentication is then verified through the IBM Verify application on the user's mobile device. The user is prompted as follows:
    A push notification has been sent to your device :device-name.
    Please refresh your IBM Verify application if you did not receive it.
    ENTER MFA INFORMATION:
  - The user must follow the prompts to verify the push notification on their mobile device.
  - The user must enter any single character as the response to the ENTER MFA INFORMATION prompt and press Enter to continue.
    Note: In IBM MFA Out-of-Band authentication, the user must enter any single character in response to the Response prompt and press Submit.
Tip: When the user attempts to log in, the following error in the IBM Verify Gateway for RADIUS trace log indicates that the IBM Security Verify authentication factor settings are incorrect.
{"messageId":"CSIAK4300E","messageDescription":"You are not authorized to access this resource."}
See Configuring IBM Security Verify authentication factors for the correct settings.
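An added example (not IBM's code) that covers both the configuration step and the Tip above: it lists every entry under "clients" whose auth-method is not password-and-device, and finds CSIAK4300E entries in trace-log lines. The function names, the reduced sample configuration and the text surrounding the error body on a log line are assumptions constructed for illustration.

```python
import json
import re

EXPECTED_METHOD = "password-and-device"
# JSON error body as quoted in the Tip; the text around it on a log line is ignored.
ERROR_BODY = re.compile(r'\{"messageId":"CSIAK4300E".*?\}')

def clients_with_wrong_method(config_text, expected=EXPECTED_METHOD):
    """Return (name, auth-method) for each RADIUS client that does not match."""
    mismatches = []
    for client in json.loads(config_text).get("clients", []):
        method = client.get("auth-method")  # None when the key is absent
        if method != expected:
            mismatches.append((client.get("name", "<unnamed>"), method))
    return mismatches

def factor_setting_errors(log_lines):
    """Return (line number, messageDescription) for each CSIAK4300E entry."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = ERROR_BODY.search(line)
        if match is None:
            continue
        try:
            body = json.loads(match.group(0))
        except ValueError:
            body = {}  # malformed entry: still report the line
        hits.append((number, body.get("messageDescription", "")))
    return hits

# Constructed sample input: client names, the second auth-method value and the
# text around the error body are placeholders, not real product output.
SAMPLE_CONFIG = """{"clients": [
  {"name": "vpn1.example.com", "auth-method": "password-and-device"},
  {"name": "vpn2.example.com", "auth-method": "placeholder-other-method"},
  {"name": "vpn3.example.com"}
]}"""
SAMPLE_LOG = [
    "constructed entry: access request received",
    'constructed entry: {"messageId":"CSIAK4300E","messageDescription":'
    '"You are not authorized to access this resource."}',
]

if __name__ == "__main__":
    for name, method in clients_with_wrong_method(SAMPLE_CONFIG):
        print(f"client {name}: auth-method is {method!r}, expected {EXPECTED_METHOD!r}")
    for number, description in factor_setting_errors(SAMPLE_LOG):
        print(f"trace log line {number}: CSIAK4300E ({description})")
```

To run it against a real installation, pass the contents of IbmRadiusConfig.json to the first function and the lines of the file named in "trace-file" to the second.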