Mideye Server 6 - Authentication Types
The Mideye server is a general-purpose RADIUS server with eleven supported authentication types:
- Password: The user is authenticated with a static password.
- Mobile: The user is authenticated with a static password, in combination with a one-time password (OTP) which is sent to the user’s mobile phone in real time via the mobile network. This authentication type relies on a two-step challenge-response dialogue. Users that have activated the Mideye+ app get OTPs primarily via data push (mobile data or wifi), with Plus (auth type 5) as a fallback in case the phone is not reachable. Users without the Mideye+ app log in with SMS-OTP.
- Token: The user is authenticated with a static password, in combination with a one-time password which is obtained from a token card (YubiKey or HID Mini Token). This authentication type relies on a two-step challenge-response dialogue since the static password and the OTP are provided in two separate steps.
- Concatenated: Only supported with HID Mini Token. The user is authenticated with a static password, in combination with an OTP which is obtained from the user’s token card. The OTP is concatenated with the static password in a single step, which means that this authentication type does not require support for a two-step challenge-response dialogue. Example: If the static password is Sd43Erg7 and the OTP is 28592434, this is entered as Sd43Erg728592434.
- Plus: The user is authenticated with a static password in combination with an OTP which is obtained by manually signing an access challenge in the Mideye+ app. This authentication type only works for users that have activated Mideye+ and is mainly intended as a fallback from other authentication types in case the phone is not reachable. It relies on a two-step challenge-response dialogue.
- Touch: The user is authenticated with a static password, followed by an ‘Accept’ option presented directly in the Mideye+ app. The app must be reachable via data push (mobile data or wifi). Users that haven't activated Mideye+ are sent a magic link via SMS, where the login can be approved. This authentication type does not require support for a two-step challenge-response dialogue.
- Touch-Plus: The user is authenticated primarily using Touch (auth type 6), but with a fallback to Plus (auth type 5) in case the phone is not reachable via data push. If the user has activated an on-premise token, fallback will instead go to On-prem (auth type 11).
- Touch-Mobile: The user is authenticated primarily using Touch (auth type 6), but if the phone is not reachable via data push, the system reverts to Mobile (auth type 2) by sending an encrypted SMS to the Mideye+ app. If the phone is not reachable at all via the network, the server reverts to Plus (auth type 5), or to On-prem (auth type 11) if the user has activated an on-premise token.
- Assisted login: The user is authenticated with a static password, followed by acceptance of the login by an authorized approver. The approver must have the Mideye+ app installed and activated in order to accept the login.
- Shared account: The user is authenticated with a static password, after which the user is prompted to enter a pre-registered phone number or token serial number. This phone/token is then used for the second step of the authentication. For user accounts in Active Directory, the attribute ‘otherMobile’ is used to search pre-registered numbers. For other LDAP repositories, the attribute ‘Mobile’ is used.
- On-prem: The user is authenticated with a static password in combination with an OTP which is obtained from an authenticator app on the user’s mobile phone or from a TOTP/HOTP hardware token. For authenticator apps, the seed is distributed via a QR code in the webadmin interface or the self-service portal. This authentication type can be used either as a fallback to other authentication types requiring internet connectivity (Touch-Plus and Touch-Mobile) or as a stand-alone authentication type in an isolated environment. It relies on a two-step challenge-response dialogue.
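The practical difference between a two-step challenge-response dialogue (Mobile, Token, Plus, On-prem) and the single-step Concatenated type is easiest to see in a small model of the server side. The following Python is an added example and is not Mideye code: it assumes a constructed user record with a fixed expected OTP, an 8-character OTP (the length used in the Concatenated example above), and RADIUS-style Access-Challenge / Access-Accept / Access-Reject responses where a State value binds the second request to the first.

```python
import hmac
import secrets

# Constructed user store (example data, not a real deployment): the static
# password and the OTP the user's token would currently produce. A real server
# verifies the OTP against the token algorithm; here it is fixed so the model
# runs offline.
USERS = {
    "alice": {"password": "Sd43Erg7", "otp": "28592434"},
}

# Assumption: OTP length, taken from the 8-digit OTP in the page's example.
OTP_LENGTH = 8

# Outstanding challenges, keyed by the State value returned to the client.
# Each State is single-use and tied to the user it was issued for.
pending = {}


def _eq(a, b):
    """Constant-time comparison so a wrong credential does not leak by timing."""
    return hmac.compare_digest(a.encode(), b.encode())


def handle_two_step(user, credential, state=None):
    """Two-step dialogue: the first Access-Request carries the static password
    and is answered with an Access-Challenge; the second carries the OTP plus
    the State value from that challenge."""
    record = USERS.get(user)
    if state is None:
        # Step 1: static password. On success, hand out a fresh State and prompt for the OTP.
        if record and _eq(credential, record["password"]):
            token = secrets.token_hex(16)
            pending[token] = user
            return {"code": "Access-Challenge", "state": token, "prompt": "Enter OTP"}
        return {"code": "Access-Reject"}
    # Step 2: the State must be outstanding and must belong to this user.
    # pop() makes it single-use, so a replayed second request is rejected.
    if pending.pop(state, None) != user:
        return {"code": "Access-Reject"}
    if record and _eq(credential, record["otp"]):
        return {"code": "Access-Accept"}
    return {"code": "Access-Reject"}


def handle_concatenated(user, credential):
    """Single-step Concatenated type: the OTP is the trailing OTP_LENGTH
    characters and the static password is everything before it, so a client
    without challenge-response support can still complete the login."""
    record = USERS.get(user)
    if record is None or len(credential) <= OTP_LENGTH:
        return {"code": "Access-Reject"}
    password, otp = credential[:-OTP_LENGTH], credential[-OTP_LENGTH:]
    if _eq(password, record["password"]) and _eq(otp, record["otp"]):
        return {"code": "Access-Accept"}
    return {"code": "Access-Reject"}


if __name__ == "__main__":
    first = handle_two_step("alice", "Sd43Erg7")
    print("step 1:", first["code"])
    print("step 2:", handle_two_step("alice", "28592434", state=first["state"])["code"])
    print("concatenated:", handle_concatenated("alice", "Sd43Erg728592434")["code"])
```

The State value is what lets the server tie the OTP in the second request to the password already verified in the first; a RADIUS client that cannot echo State back is exactly the client for which the Concatenated type exists.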
Authentication types 7 and 8 require Mideye+ for the Touch functionality. Users that haven't activated Mideye+ are automatically assigned authentication type 2 (SMS-OTP).
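The fallback rules for Touch-Plus and Touch-Mobile, together with the rule above for users without Mideye+, resolve to one effective authentication type per login attempt. The following Python is an added example and is not Mideye code: the numeric values follow the auth type numbers referenced on this page (Mobile 2, Plus 5, Touch 6, On-prem 11) and the list order for the rest, and the UserState fields (mideye_plus_activated, on_prem_token, push_reachable, network_reachable) are assumed names for the conditions the descriptions mention.

```python
from dataclasses import dataclass
from enum import IntEnum


class AuthType(IntEnum):
    # Numbering taken from the order of the list and the page's references.
    PASSWORD = 1
    MOBILE = 2
    TOKEN = 3
    CONCATENATED = 4
    PLUS = 5
    TOUCH = 6
    TOUCH_PLUS = 7
    TOUCH_MOBILE = 8
    ASSISTED_LOGIN = 9
    SHARED_ACCOUNT = 10
    ON_PREM = 11


@dataclass
class UserState:
    """Assumed model of the per-user conditions the fallback rules depend on."""
    mideye_plus_activated: bool   # Mideye+ app activated for this user
    on_prem_token: bool           # an on-premise (TOTP/HOTP) token is activated
    push_reachable: bool          # app reachable via data push (mobile data or wifi)
    network_reachable: bool       # phone reachable via the mobile network (SMS)


def effective_type(configured: AuthType, user: UserState) -> AuthType:
    """Return the authentication type that actually completes the login."""
    if configured not in (AuthType.TOUCH_PLUS, AuthType.TOUCH_MOBILE):
        return configured
    # Types 7 and 8 need Mideye+ for Touch; without it the user gets SMS-OTP.
    if not user.mideye_plus_activated:
        return AuthType.MOBILE
    if user.push_reachable:
        return AuthType.TOUCH
    # Phone not reachable via data push: the offline fallback is Plus, or
    # On-prem when the user has activated an on-premise token.
    offline_fallback = AuthType.ON_PREM if user.on_prem_token else AuthType.PLUS
    if configured == AuthType.TOUCH_PLUS:
        return offline_fallback
    # Touch-Mobile: try an encrypted SMS to the app first, then go offline.
    if user.network_reachable:
        return AuthType.MOBILE
    return offline_fallback


if __name__ == "__main__":
    # Constructed scenarios illustrating each branch.
    scenarios = {
        "no Mideye+":          UserState(False, False, False, True),
        "push reachable":      UserState(True, False, True, True),
        "SMS only":            UserState(True, False, False, True),
        "offline, on-prem":    UserState(True, True, False, False),
        "offline, no on-prem": UserState(True, False, False, False),
    }
    for name, state in scenarios.items():
        print(f"{name:22} Touch-Plus -> {effective_type(AuthType.TOUCH_PLUS, state).name:8}"
              f" Touch-Mobile -> {effective_type(AuthType.TOUCH_MOBILE, state).name}")
```

The one-user, one-type result is what a detection rule or an audit of a login would want to reason about: the configured type says what the administrator intended, the effective type says which second factor was actually used.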