Hi,
We are testing FIM R2 SSPR OTP Email gate in our lab environment. I've configured the OTP Email gate to execute only for "Extranet" requests. So my understanding is that only password reset requests that originate from outside our network will have the OTP security code emailed to them and users on our internal network will not have to go through the OTP security code.
However, I've noticed that the OTP security code is still emailed to the user which attempt the password reset from inside our network. I even tried it from the password reset portal server itself and it still it sent out the security code and wanted it
to be entered for the password reset. So I'm wondering what exact logic is FIM using to determine that the request is originating from extranet? Am i missing something in my configuration?
Our FIM setup is: Password Reset & Registration Portal on Server1, FIM portal + FIM Service + FIM Sync on Server2, FIM DB on Server3. And both Server1 & Server2 are on the same subnet.
Thanks,
Parm