Authenticators Enrollment Wizard
The CEP provides an Authenticator Enrollment Wizard for users. Using this wizard, you can predetermine which authenticators users are required to enroll. At login, the wizard prompts users to enroll any of these authenticators that are not yet enrolled against their account.
Configuration
The following parameters allow you to enable and control the wizard's behavior.
CEP_AAF_WIZARD_DEFAULT_METHODS
This optional parameter is a YAML array. It sets a default for all repositories that have not been explicitly configured in CEP_AAF_WIZARD_METHODS as a repository-based setting.
environment:
- CEP_AAF_WIZARD_DEFAULT_METHODS=["PASSWORD:1", "HOTP:1"]
environment:
- CEP_AAF_WIZARD_DEFAULT_METHODS=[]
CEP_AAF_WIZARD_METHODS
YAML array of methods that the user should enroll via the wizard.
environment:
- CEP_AAF_WIZARD_METHODS=["PASSWORD:1", "HOTP:1", "SMARTPHONE:1", "CARD:1"]
environment:
- CEP_AAF_WIZARD_METHODS=[]
It is also possible to control the behavior of the wizard based on the user's repository.
environment:
- 'CEP_AAF_WIZARD_METHODS={"repo1": ["PASSWORD:1"], "repo2": ["PASSWORD:1", "HOTP:1"], "repo3": ["PASSWORD:1", "SMARTPHONE:1"]}'
Note
In this case, the single quotes are essential for the environment variable to be set correctly. If CEP_AAF_WIZARD_METHODS is configured, you must set CEP_AAF_WIZARD_REPO_METHOD to true.
CEP_AAF_WIZARD_REPO_METHOD
Boolean value that specifies whether a wizard registration configured for the user's repository should be carried out.
environment:
- CEP_AAF_WIZARD_REPO_METHOD=true
environment:
- CEP_AAF_WIZARD_REPO_METHOD=false
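A pre-deployment consistency check for the three parameters above, as an added example that is not part of the CEP documentation or product code. It assumes the values use the JSON-compatible syntax shown in the examples and applies the Note's requirement to the repository-based form; `check_wizard_env` and the sample dictionaries are hypothetical names.

```python
import json

DEFAULTS = "CEP_AAF_WIZARD_DEFAULT_METHODS"
METHODS = "CEP_AAF_WIZARD_METHODS"
REPO_FLAG = "CEP_AAF_WIZARD_REPO_METHOD"

def _is_method_list(value):
    """True for an array whose items are all strings such as "PASSWORD:1"."""
    return isinstance(value, list) and all(isinstance(m, str) for m in value)

def check_wizard_env(env):
    """Return a list of findings (empty when consistent) for a dict of env strings."""
    findings, parsed = [], {}
    for name in (DEFAULTS, METHODS):
        if name in env:
            try:
                parsed[name] = json.loads(env[name])
            except json.JSONDecodeError:
                # Typical cause: quotes lost between the compose file and the container.
                findings.append(f"{name}: value does not parse, check the quoting")
    if DEFAULTS in parsed and not _is_method_list(parsed[DEFAULTS]):
        findings.append(f"{DEFAULTS}: expected an array of method strings")
    methods = parsed.get(METHODS)
    if isinstance(methods, dict):
        for repo, wanted in methods.items():
            if not _is_method_list(wanted):
                findings.append(f"{METHODS}: repository {repo!r} needs an array of method strings")
        # Requirement from the Note: the repository-based form needs the flag set to true.
        if env.get(REPO_FLAG) != "true":
            findings.append(f"{REPO_FLAG}: must be true when {METHODS} is set per repository")
    elif methods is not None and not _is_method_list(methods):
        findings.append(f"{METHODS}: expected an array or a repository-to-array mapping")
    return findings

# Constructed sample environments, modelled on the examples above.
SAMPLE_OK = {
    DEFAULTS: '["PASSWORD:1", "HOTP:1"]',
    METHODS: '{"repo1": ["PASSWORD:1"], "repo2": ["PASSWORD:1", "HOTP:1"]}',
    REPO_FLAG: "true",
}
SAMPLE_BAD = {
    DEFAULTS: "[PASSWORD:1, HOTP:1]",          # inner quotes were stripped
    METHODS: '{"repo1": ["PASSWORD:1"]}',
    REPO_FLAG: "false",                        # per-repository form without the flag
}

if __name__ == "__main__":
    for label, env in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_wizard_env(env) or "no findings")
```

Pass it `dict(os.environ)` inside the container, or the environment section of the compose file once parsed, before rolling out a change.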
CEP_ENFORCE_WIZARD
If this parameter is enabled, the CEP forces users to enroll any missing methods configured for the wizard with the CEP_AAF_WIZARD_METHODS parameter.
environment:
- CEP_ENFORCE_WIZARD=true
environment:
- CEP_ENFORCE_WIZARD=false