NetDocuments provides a variety of advanced authentication options such as Digital Certificates and IP address to control and restrict access to the repository.  A sample of the page is located below.  This page is accessed from the Repository Administration menu, using the Add and Remove Users and Groups option.  See graphic below.

Once you click this link, you will come into a page that appears as follows.

To setup your advanced authentication, click the link that says, Add another requirement.  It will then appear as shown below.  In the example below, we have clicked the link 3 times to show how you can add more than one requirement.

You will notice below that you can define authentication based on IP Addresses, or you can use Automated Login, or you can use Digital certificate.  When these methods are used other access to your NetDocuments Repository is not allowed.

With our next update in June 2009, you will also be able to restrict the Digital Certificate option to only allow usage of certificates that you generate.

NOTE:  If you want to delete a requirement, click the link on the right side.  Be careful you don't set a criteria that will lock you and your users out.  If you do this accidentally, contact support@netdocuments.com.

On the Advanced Authentication Configuration page “RSA SecurID” is added to the list of authentication methods.  When SecurID is selected a link appears next to it for uploading a configuration file from the RSA Authentication Manager.  See also the Implementation Guide.

When the upload link is clicked, an on-page dialog is displayed prompting the user for the location of the configuration file. 

If there is a SecurID requirement and a configuration file has not been uploaded in the current session or a previous session, the form cannot be submitted.
 

When a user logs in, if one of the user’s repositories has a SecurID authentication requirement that is not satisfied by another requirement (such as an IP Address or certificate-based login requirement) the user is prompted for the RSA username. 

“Acme Corp.” will be replaced by the name of the repository triggering the RSA authentication.

If the user cancels the SecurID login process, the user is taken to the initially requested page with the triggering repository excluded from the session.
 

The RSA Login page will make authentication requests to the firm’s authentication server using RSA’s proprietary protocol.  Challenge/response sequences is supported.

When a user successfully authenticates to an authentication server the user will be given access to the repository that triggered the authentication server login and the browser will navigate to the initially selected page.
 

If NetDocuments is unable to communicate with a firm’s primary RSA authentication server instance it will automatically attempt to communicate with replica instances as specified in the RSA configuration file.
 

The ND2 interface also supports the authentication server login with a similar user interface.
 

The SOAP API, WebDAV, EMS, and other utilities do not support authentication via an RSA authentication server.