Mideye authentication types

The Mideye server is a general-purpose RADIUS server with eight different supported authentication types:

  1. Password: The user is authenticated with a static password.
  2. Mobile: The user is authenticated with a static password, in combination with a one-time password that is sent to the user’s mobile phone in real time via the mobile network. This authentication type relies on a two-step challenge-response dialogue. Users that have activated Mideye+ get OTPs primarily via data push (mobile data or Wi-Fi), with Plus (auth type 5) as a fallback in case the phone is not reachable. Users without Mideye+ log in with SMS-OTP.
  3. Token: The user is authenticated with a static password, in combination with a one-time password that is obtained from the user’s token card (YubiKey or HID Mini Token). The static password and the one-time password are provided in two separate steps. This authentication type relies on a two-step challenge-response dialogue.
  4. Concatenated: Only supported with HID Mini Token. The user is authenticated with a static password, in combination with a one-time password that is obtained from the user’s token card. The one-time password is concatenated with the static password in one single step, which means that this authentication type does not require support for a two-step challenge-response dialogue. Example: If the static password is Sd43Erg7 and the one-time password is 28592434, this is entered as Sd43Erg728592434.
  5. Plus: The user is authenticated with a static password in combination with a one-time password which is obtained by manually signing an access challenge in the Mideye+ app. This authentication type is mainly intended as a fallback from other authentication types in case the phone is not reachable. It relies on a two-step challenge-response dialogue.
  6. Touch: The user is authenticated with a static password, followed by an ‘Accept’ option presented directly in the Mideye+ app. This authentication type requires that the Mideye+ app is reachable via data push (mobile data or Wi-Fi). It does not require support for a two-step challenge-response dialogue.
  7. Touch-Plus: The user is authenticated primarily using Touch (auth type 6), but with a fallback to Plus (auth type 5) in case the phone is not reachable via data push.
  8. Touch-Mobile: The user is authenticated primarily using Touch (auth type 6), but if the phone is not reachable via data push, the system reverts to Mobile (auth type 2) by sending an encrypted SMS to the Mideye+ app. If the phone is not reachable at all via the network, the server reverts to Plus (auth type 5).

Authentication types 2, 5, 6, 7 and 8 require that a valid mobile phone number is registered in the user repository.

Authentication type 3 (Token) requires that the user has a token card (YubiKey or HID Mini Token) and that the corresponding serial number is registered in the user repository.

Authentication type 4 (Concatenated) only works with HID Mini Tokens.

Authentication type 5 (Plus) only works if the user has activated Mideye+.

Authentication types 6, 7 and 8 require Mideye+ for the Touch functionality. Users that haven’t activated Mideye+ are automatically assigned authentication type 2 (SMS-OTP).
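
The fallback and prerequisite rules above, written out as an added example (a model for planning, not Mideye code or its API). It shows which method a login ends up using and whether the RADIUS client must handle a two-step challenge-response dialogue. The function names, method labels and the reachability labels "push", "sms" and "none" are assumptions made for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

REACH = ("push", "sms", "none")  # assumed labels: data push / mobile network only / unreachable

@dataclass
class User:
    phone: bool = True            # mobile number registered in the user repository
    plus: bool = False            # Mideye+ activated
    token: Optional[str] = None   # "yubikey" or "hid-mini" (serial registered)

def resolve(auth_type: int, user: User, reach: str = "push"):
    """Return (method, needs_challenge) for one login attempt."""
    if auth_type in (2, 5, 6, 7, 8) and not user.phone:
        raise ValueError("no mobile number registered")
    if auth_type == 1:
        return ("password", False)    # single step (assumed; the page does not say)
    if auth_type == 3:
        if user.token not in ("yubikey", "hid-mini"):
            raise ValueError("no token registered")
        return ("token", True)
    if auth_type == 4:
        if user.token != "hid-mini":
            raise ValueError("Concatenated needs a HID Mini Token")
        return ("concatenated", False)
    if auth_type == 5:
        if not user.plus:
            raise ValueError("Plus needs Mideye+")
        return ("plus", True)
    if auth_type not in (2, 6, 7, 8):
        raise ValueError("unknown authentication type")
    if not user.plus:
        return ("sms-otp", True)      # types 2, 6, 7, 8 without Mideye+
    if auth_type == 2:
        return ("push-otp", True) if reach == "push" else ("plus", True)
    if reach == "push":
        return ("touch", False)
    if auth_type == 6:
        raise ValueError("Touch needs data push; the page names no fallback")
    if auth_type == 8 and reach == "sms":
        return ("encrypted-sms-otp", True)
    return ("plus", True)             # type 7 without push, type 8 with no network

def may_challenge(auth_type: int, user: User) -> bool:
    """True if any reachability state ends in a two-step dialogue."""
    for reach in REACH:
        try:
            if resolve(auth_type, user, reach)[1]:
                return True
        except ValueError:
            pass
    return False
```

may_challenge() is the check to run before assigning types 7 or 8 to users behind a RADIUS client that cannot process a challenge: Touch itself is single-step, but its fallbacks are not.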