Messaging¶
Overview¶
The AuthControl Sentry Core can be configured to send messages for various events, to synced in user accounts. This is done by mapping and syncing user groups and destination attributes, such as email address or phone number, which exist on external LDAP based data sources.
When accounts are synced into AuthControl Sentry they can be sent an Account Creation email and an App Provision email automatically. However this requires that their mail attribute is populated and a Messaging transport has been setup prior. Users can also be set to receive an SMS containing a One Time Code for use during authentication.
The types of messages available to send are:
Message | Type | Purpose |
---|---|---|
Credentials Alert | Alert | Welcome email and PIN number |
App Provision | Alert | Mobile App Provision |
One Time Code | Strings | One Time Code for use during authentication |
PIN expiry | Alert | Warning of PIN expiry |
PIN change required | Alert | PIN change is required now or account will be locked |
PIN changed | Alert | Notification that PIN has been changed by the user |
Account locked | Alert | Notification that user’s account has been locked |
Account unlocked | Alert | Notification that user’s account has been unlocked |
Account inactive | Alert | Notification that user’s account has become inactive |
Account inactive warning | Alert | Notification that user’s account will soon become inactive |
Reset Code | Alert | Reset code for use during PIN reset validation process |
Confirmation Code | Alert | Confirmation code for user portal validation processes |
Password changed | Alert | (Non-AD) password credential has been changed by the user |
All messages can be customised from the Messaging menu.
Setup email messaging¶
General Prerequisites¶
- Previously configured repository
- All users setup with a mail attribute in the repository
- Users synced into groups in AuthControl Sentry
Setup the messaging transport¶
Select Messaging -> General, from the left hand menu. The general screen is where we map user groups and destination attributes (such as email or phone) to messaging transports. You will notice an existing messaging transport entry named ‘SMTP’. This is a pre-defined entry which is linked to the SwivelSMTP group. Let’s take a look at this now. Expand the SMTP entry:
You can see the following mappings:
Item | Value |
---|---|
Destination attribute | |
Strings Repository Group | —NONE— |
Alert repository group | SwivelSMTP |
Push repository group | —NONE— |
Voice repository group | —NONE— |
So by being a member of the SwivelSMTP group and having a populated email attribute synced in from the repository, you can receive email based alerts via this Messaging transport.
Hint
Each time you make a change to these settings, a repository ‘User Sync’ will be required from the User Administration screen to make the changes take effect.
We can confirm a user’s messaging transport assignment on the User Administration screen. In the left hand menu, click ‘User Administration’, select your user repository from the ‘Repository’ drop down. Then select the ‘Transport’ option from the ‘View’ drop down. The user list will update below to display the messaging transport mappings:
Sending out emails automatically¶
When an account is created, the user can be emailed with a welcome email (containing their PIN number if using a PIN based authentication method), and a Mobile App provision email to help get them setup with authentication via the AuthControl Mobile app. These automated emails are configured under the Policy -> General menu:
Policy | Setting |
---|---|
Auto. set credentials on user creation | Yes |
Auto. send provision code | Yes |
Hint
If a user has already been synced in to the AuthControl Sentry database, then an attempt will already have been made to send the messages. So you will either need to manually invoke the sending of the messages or delete and purge the user accounts from AuthControl Sentry and import them again (as new users).
Email template customisation¶
Here is a preview of the built-in welcome (and PIN credential) email:
Here is a preview of the built-in app provision email:
You can customise the HTML of these email templates under Messaging -> SMTP in the left hand menu:
Hint
We recommend that you copy and paste the HTML into an editor and paste it back in once modified, rather than attempting to edit it inside the form field.
The email images reference a BASE URL which is configured under Server -> Name in the left hand menu. If you wish for email images to be retrieved from the AuthControl Sentry appliance then you must specify the FQDN of the appliance as it appears to the outside world, here:
Once the BASE URL is configured and access is provided from the outside world, you can upload custom email images using the ‘Upload Email Images’ left hand menu option. First click ‘Browse’ to select your custom image, then click the ‘Upload’ button. Once uploaded you can then utilise these images into your HTML email.