Dell SMA 200 Administration Manual page 406

17 Optionally, select One-time passwords to enable the One Time Password feature. A drop-down list
appears, in which you can select if configured, required for all users, or using domain name. These
are defined as:
• if configured - Only users who have a One Time Password email address configured uses the One
Time Password feature.
• required for all users - All users must use the One Time Password feature. Users who do not
have a One Time Password email address configured are not allowed to login.
• using domain name - Users in the domain uses the One Time Password feature. One Time
Password emails for all users in the domain are sent to username@domain.com.
18 If you selected if configured or required for all users in the One-time passwords drop-down list, the
Active Directory AD e-mail attribute drop-down list appears, in which you can select mail, mobile,
pager, userPrincipalName, or custom. These are defined as:
• mail - If your AD server is configured to store email addresses using the "mail" attribute, select
mail.
• mobile or pager - If your AD server is configured to store mobile or pager numbers using either of
these attributes, select mobile or pager, respectively. Raw numbers cannot be used, however, SMS
addresses can.
• userPrincipalName - If your AD server is configured to store email addresses using the
"userPrincipalName" attribute, select userPrincipalName.
• custom - If your AD server is configured to store email addresses using a custom attribute, select
custom. If the specified attribute cannot be found for a user, the email address assigned in the
individual user policy settings is used. If you select custom, the Custom attribute field appears.
Type the custom attribute that your AD server uses to store email addresses. If the specified
attribute cannot be found for a user, the email address is taken from their individual policy
settings.
If you select using domain name, an E-mail domain field appears following the drop-down list. Type in
the domain name where one-time password emails are sent (for example, abc.com).
19 If Technician Allowed is enabled, Secure Virtual Assist can log in as a technician role in this domain.
20 Select the type of user from the User Type drop-down list. All users logging in through this domain are
treated as this user type. The choices depend on user types defined already. Some possible choices are:
• External User – Users logging into this domain are treated as normal users without administrative
privileges.
• External Administrator – Users logging into this domain are treated as administrators, with local
Secure Mobile Access admin credentials. These users are presented with the admin login page.
This option allows the Secure Mobile Access administrator to configure a domain that allows
Secure Mobile Access admin privileges to all users logging into that domain.
Dell SonicWALL recommends adding filters that allow administrative access only to those users
who are in the correct group. You can do so by editing the domain on the Users > Local Groups
page.
• Read-only Administrator – Users logging into this domain are treated as read-only
administrators and can view all information and settings, but cannot apply any changes to the
configuration. These users are presented with the admin login page.
21 Click Accept to update the configuration. After the domain has been added, the domain is added to the
table on the Portals > Domains page.
22 Navigate to the Users > Local Groups page and click the configure icon. The Edit Group Settings page
is displayed, with fields for LDAP attributes on the General tab.
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
406