(Included in Advanced Security Module) The EFT platform can provide SMS authentication to EFT. EFT uses the Remote Authentication Dial-In User Service (RADIUS) implementation already built in to EFT, and Microsoft Network Policy Server (NPS) built in to Window 2008 and 2012 to connect to an SMS server for authentication. The RADIUS configuration in EFT will use the same shared secret as NPS. SMS uses a web dispatcher service to deliver messages to mobile phones. (SMS authentication is currently supported only on LDAP-authenticated Sites.)
The SMS provider can be installed on the same computer as EFT or remotely. SMS requires an Active Directory (AD) domain for user accounts, and can be installed and configured using basic policies, and connected to an AD group named "SMS Users." AD users must have the "mobile number" value configured in AD.
In EFT, after configuring and testing the RADIUS configuration on the Site, the users on the Site must have the Enable RADIUS check box selected to connect with SMS authentication over HTTP, HTTPS, or SFTP. If it isn't practical to enable/disable each user account individually, you can create a User Settings Template just for SMS users, then select the Use RADIUS password management check box on the User Settings Template, which will be inherited by each user in that template.
FTP and FTPS are not supported for SMS authentication.
On HTTP and HTTPS, EFT uses a session cookie to allow multiple subsequent operations without further login prompts (up to an idle timeout value, or explicitly logging out).
EFT will not relay the connecting client's IP address to SMS, so the GEO-IP security feature of SMS will not be enabled. Future versions of EFT are expected to support this.
SMS authentication will not work for Event Rules and Custom Commands.
Some connecting clients, such as CuteFTP, attempt to log in multiple times to perform multiple concurrent transfers. To improve the user experience, on the CuteFTP site that is connecting to EFT, on the Options tab, reduce Site max concurrent transfers to 1.
Follow the instructions provided by the SMS server for installation and configuration. Below are important items to consider:
We recommend installing the SMS server on Windows Server 2012 R2.
Be sure to configure the SMS server to deliver SMS messages via GSM modems, SMS Gateways, or however your infrastructure will support SMS delivery.
To manage the interaction between EFT and the SMS server, add the "Network Policy and Access Services" role to your server, with the "Network Policy Server" (NPS) Role Service enabled.
In the NPS administrator, create a RADIUS client that EFT will be configured to use for delegating authentication requests. (You will need the shared secret and NAS identifier to configure RADIUS in EFT.)
Confirm proper interoperation with EFT by setting up RADIUS authentication within EFT, as described below, using the same shared secret you supplied in step #4, above.
To configure EFT Enterprise for SMS authentication
Log in to the EFT administration interface and click the Site node for which you want to enable SMS authentication.
Click RADIUS and then click Configure. The RADIUS Authentication Settings dialog box appears.
Specify the SMS authentication settings, and then click OK.
Click Apply to save your settings.
Click Yes to restart the Site.