Help for ApplicGate Authentication Service

Help for ApplicGate Authentication Service

There are up to six Options for Authentication (depends on specific configuration):

Option	Description
SMS	Username and Security ID must be specified. Your One-Time Password will be sent via SMS. Your phone number must have been configured by the system administrator.
Email	Username and Security ID must be specified. Your One-Time Password will be sent via email.
Authenticator	Username and Security ID must be specified. You must enter the Authenticator code. For Authenticator initialization a One-Time Password will be sent.
WebAuthn (FIDO2)	Username and Security ID must be specified. For registration a One-Time Password will be sent.
OAuth 2.0	You may select to the authentication provider (if configured). The authentication provider asks you for further data as necessary.
RADIUS	Username and Password must be specified.

Security ID is a 5-digit number for further identification. It is defined by the system administrator.

Prerequisite for Authenticator usage:
- Install an Authenticator App (must support TOTP) at your smartphone (e.g. available from Google or Microsoft).
- When using the Authenticator option the first time the Authenticator Code field must be empty.
- Then you can select the authentification option (SMS or email, depends on system configuration) for Authenticator initialization (a new secret will be generated).
- Afterwards you will receive a QR code to configure a new account in the Authenticator.
- After configuration please do not forget to confirm with the One-Time Password you have received.
- You can request a new secret any time by entering the word reset into the Authenticator Code field.

Prerequisite for WebAuthn (FIDO2) usage:
- You need a security token e.g. from YubiKey.
- At first access the security token must be registered:
- You can select how to authenticate during registration: SMS or email (depends on system configuration).
- During registration a public/private key pair will be generated at the security token and the public key will be sent to the server
- After registration please do not forget to confirm with the One-Time Password you have received.
- If you have lost the security token or if is does not work any more you have to request a reset from the system administrator.
- Security tokens can be access via USB, NFC or BLE (Bluetooth Low Energy). It depends on the type of the security token and the system configuration.

Note for RADIUS:
- For internal checking of privileges ApplicGate adds the string "@radius" to the username if the username has no email format ("@" is missing).