MicroStrategy ONE

Enable Badge Authentication for Web and Mobile

If you use an LDAP directory to centrally manage users in your environment, you can add them to your Identity network, and allow them to log into MicroStrategy Web or Mobile by using their badges from MicroStrategy Badge.

The users in your LDAP directory can log into MicroStrategy Web by:

  • Scanning a QR code using the Badge app on their smartphones, if Badge is configured as the primary authentication method.
  • Supplementing their user name and password with a numerical Badge Code that is provided via the Badge app on their smartphones, if Badge is configured as the second factor of authentication.

The high-level steps to enable Badge authentication for Web and Mobile are as follows:

  1. Set up an Identity network. Your network is the group of users in your organization who can use the Badge app on their smartphones to validate their identity to log into MicroStrategy. For steps, see the Identity Help.
  2. Add your LDAP directory to your Identity network. For steps to add your LDAP directory to Identity, see the Identity Help.
  3. If you are importing users from LDAP, connect LDAP by leveraging the connection between LDAP and your MicroStrategy Identity Server. Alternatively, you can manually connect your LDAP directory to MicroStrategy. Otherwise, import your MicroStrategy user data into the Identity network. For more information, see the Identity Help.
  4. Register your MicroStrategy environment with Badge.
  5. Configure Badge in MicroStrategy Web and Mobile.

Registering your MicroStrategy Products with Badge

To establish a connection between Badge and your MicroStrategy products, follow the steps below.

You have created an Identity network and badges for your users. Your network is the group of users in your organization who can use the Badge app on their smartphones to validate their identity to log into MicroStrategy. For steps to create an Identity network, see the Identity Help.

You have connected an LDAP user directory to MicroStrategy. For steps to connect your LDAP directory to MicroStrategy, see Implement LDAP Authentication.

To Register MicroStrategy with Badge

  1. In a web browser, log into MicroStrategy Identity Manager.
  2. Click Logical Gateways.
  3. In the MicroStrategy Platform Login area, click the MicroStrategy icon and click Continue.
  4. To change the image that is displayed on the login page when users open MicroStrategy Web, click Import an Icon. Select an image to display and click Open.
  5. In the Enter Display Name field, enter a name to display on your MicroStrategy login page.
  6. Click Next. The Set Up Your MicroStrategy Platform page is shown, with the details to configure your MicroStrategy Intelligence Server.
  7. Note the values for Organization ID, Application ID, and Token. You use these values to configure MicroStrategy Intelligence Server.
  8. Click Done.

Configuring Badge in MicroStrategy Web and Mobile

To allow your users to log into MicroStrategy Web and Mobile with MicroStrategy Badge, you must configure Badge as a trusted authentication provider in Web Administrator and Mobile Administrator, as described in the steps below.

You have registered your MicroStrategy products with Badge, as described in Registering your MicroStrategy Products with Badge, and noted the Organization ID, Application ID, and Token provided.

You have upgraded your MicroStrategy metadata. For steps to upgrade your MicroStrategy metadata, see the Upgrade Help.

Enabling Badge authentication without upgrading your metadata may cause your users to be locked out of MicroStrategy applications.

If you are enabling two-factor authentication for Web using Badge, you have added at least one user to the Two-factor Exempt (2FAX) user group in your MicroStrategy project. MicroStrategy users who are members of the Two-factor Exempt (2FAX) group are exempt from two-factor authentication, and do not need to provide a Badge Code to log into MicroStrategy Web. It is recommended that these users have a secure password for their accounts and use their accounts for troubleshooting MicroStrategy Web.

Ensure that you configure your LDAP server information correctly in your Intelligence Server. If it is not configured correctly, two-factor authentication cannot be used and therefore users will not be able to log into the server.

Enabling Badge Authentication in Web and Mobile

To Configure Intelligence Server for Badge Authentication

  1. From the Windows Start menu, select All Programs > MicroStrategy Tools > Web Administrator.
  2. For your Intelligence Server, click Modify.
  3. Click Setup.
  4. In the Connectivity section, in the MicroStrategy Identity Server URL field, enter the MicroStrategy Identity Server URL and port number for 1-way SSL.
  5. In the OrgID field, enter the Organization ID from MicroStrategy Identity Manager.
  6. In the AppID field, enter the Application ID from MicroStrategy Identity Manager.
  7. If you want to use Badge as a two-factor authentication system, select the Enable two-factor authentication checkbox. The Security token field is enabled.

    MicroStrategy users who are members of the Two-factor Exempt (2FAX) group are exempt from two-factor authentication, and do not need to provide a Badge Code to log into MicroStrategy Web. It is recommended that these users have a secure password for their accounts, and use their accounts for troubleshooting MicroStrategy Web.

  8. In the Security token field, enter the Security Token from MicroStrategy Identity Manager.
  9. To use the connection between your MicroStrategy Identity Server and LDAP, check the box labeled Import Badge User. When the import process is enabled, the Badge users synchronized from LDAP are added automatically, so you do not have to add them manually.
  10. Click Save.

To Enable Badge Authentication in Web and Mobile

  1. In Web Administrator, click Default Properties.
  2. In the Login area, for Trusted Authentication Request, select the Enabled checkbox.
  3. From the Trusted Authentication Providers drop-down menu, select Badge.
  4. Click Save.
  5. In Mobile Administrator, click Mobile Configuration.
  6. For the configuration name where you want to enable Badge authentication, click the Modify icon in the Actions column.
  7. Click on the Connectivity Settings tab.
  8. In the Default Project Authentication area, open the drop-down menu for the Authentication mode setting and select Badge.
  9. Click Save.
  10. Return to the Mobile Configuration page and repeat the modify steps for each other configuration name where you want to enable Badge authentication.