What is meant by first factor?
It is a process that regulates access to our system.
Requirements
With the user setting Edit first factor you have the possibility to define another factor for authentication than the standard password.
Factors
Smartcard (only on FullClient)
The configuration is done via the user setting First factor.
![]()
*This option is only valid for users in master key mode
!The smartcard logon tries to determine whether the certificate belongs to the user to be logged on based on the applicant in the smartcard certificate. This is done using regex, the default regex “^{username}[.@\\/-_:]({domain})$” or “^({domain})[.@\\/-_:]({username})$” is applied to the applicant. In this case, “{username}” is replaced with the user to be registered and “{domain}” is replaced with the domain in the AD profile in the regex and if the regex query is positive, the user is registered. If the format of your applicant in your certificates is not compatible with these two regex queries, you must set a custom regex query in the Admin Client. Please note that “{username}” for username and “{domain}” for the AD domain SHOULD be present in the regex query. If the domain must be explicitly specified, it must be written in capital letters.
In addition, the smartcard certificate must of course also be valid on the server!
Fido2 (only at the WebClient)
Requirement
For Fido2 it is mandatory that SMTP is configured. In addition, an e-mail address must be stored for the AD users.
Furthermore, the URL of the WebClient must be stored in the Admin Client:
Configuration
The configuration is done via the user setting First Factor.
As soon as an AD user logs on to the WebClient, he gets the following prompt:
![]()
In the email box of the corresponding user the further configuration takes place:
![]()