Application passwords are used for applications that do not support forms-based authentication, such as non-browser applications. They cannot be used for forms-based authentication. Organizations can enable application passwords in circumstances where they do not have user passwords, specifically when they use federated identity. Application passwords also provide the extra security of a strongly generated password to bypass security settings such as organization IP range restrictions. Application passwords are supported for IBM SmartCloud
Traveler for Notes and other SmartCloud mobile applications.
After completing this exercise, you should be able to:
- Enable application passwords for IBM SmartCloud Traveler for Notes® applications on a mobile device.
- Define an approved range of IP addresses to allow users to log in only from an approved network connection.
- Configure your mobile device to access IBM SmartCloud using the password authenticator.
Parent topic: Lesson 4: Configuring and administering IBM SmartCloud Traveler for Notes service
Previous topic: Creating an IBM SmartCloud Traveler for Notes policy settings document
Next topic: Reference: IBM SmartCloud Traveler for Notes Policies
Procedure - Administrator Configuration
1. Log in to the service using the credentials of an IBM SmartCloud
administrator and navigate to the Administration panel.
2. From the navigation pane, click Security
3. In the Password Settings
section of the Security
page, click Edit Settings
4. Select Allow users to generate application passwords
and then Require applications to use application passwords to access this site
The complete options are:
5. Select Save Changes
6. If, as an administrator, you selected Require applications to use application passwords to access this site
, or if you allowed IBM SmartCloud
for Traveler users to bypass the specified IP range, instruct them to generate application passwords.
Procedure - User Configuration in SmartCloud
Now that your administrator has enabled this feature, you can create and manage application passwords in My Account Settings in the service.
1. Log on to the SmartCloud service as an IBM SmartCloud Traveler for Notes user
2. In the menu dashboard, click on My Account Settings.
3. Under Manage Application Passwords click Change.
4. Enter a password and click Create
5. The application password will be generated. You will need to make a note of this. After you click Close, you will not be able to re-access this password.
a. Creating an application password is optional unless Require applications to use application passwords to access this site is enabled. However, unless IP range restrictions are disabled, they will not be able to log in using their service password unless they are within the IP range.
b. Application passwords are generated by the service when requested by users.
c. The generated passwords displays to the user only once, and cannot be recovered.
d. Users can revoke and generate a new application password at any time. There is no limit to the number that can be generated.
e. Passwords are generated using cryptographically strong random number generator. They are 16 characters long, and not case sensitive.
f. Users should enter the password once into their device and allow the device to save the password.
g. If there are ten failed login attempts, the account is locked for three minutes.
6. If you click Change at this point, you will be able to see the password used to generate the application password but not the application password itself.
7. Optional: You could choose at this or any other point to revoke password. If you do so, you will be asked to confirm the revocation. Click OK to do so
The dialog will change to reflect that the application password has been revoked
Procedure - User Mobile Device Configuration
Using a mobile device, configure IBM SmartCloud Traveler for Notes on the device to use the application password
1. Access your mobile device on which you previously installed and configured IBM SmartCloud
Traveler for Notes
and attempt to synchronize with the service. You should receive an error message. The word 'Authenticator' is your clue that an application password has been enabled for this application. The application password you configured in step 5 in the previous procedure should now be used instead of your standard SmartCloud login password.
2. Synchronization with SmartCloud should now function normally.