NetIQ Advanced Authentication Framework. FIDO U2F Authentication Provider Installation Guide. Version 5.1.0

Similar documents
NetIQ Advanced Authentication Framework. Flash Drive Authentication Provider Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Voice Call Authentication Provider Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Universal Card Authentication Provider Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework- Web Service. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Extensible Authentication Protocol Server. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Virtual Desktop Authentication (VDA) Profile Editor. Administrator's Guide. Version 5.1.

NetIQ Advanced Authentication Framework - Virtual Desktop Authentication (VDA) Shell. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Citrix XenDesktop Plugin. Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Virtual Desktop Authentication (VDA) Profile Editor. Administrator's Guide. Version 5.1.

NetIQ Advanced Authentication Framework. Voice Call Server Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Extensible Authentication Protocol Server. Administrator's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Virtual Desktop Authentication (VDA) Shell. User's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Smartphone Authentication Dispatcher Installation Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Group Policy Templates. Administrator's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. OATH Authentication Provider User's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

NetIQ Advanced Authentication Framework. Smartphone Authentication Provider User's Guide for Windows. Version 5.1.0

M-FILES SETUP: ADVANCED USER'S GUIDE

Rainbow Desktop app Per-user MSI deployment using Microsoft Active Directory Group Policy Objects (AD-GPO)

Installation Guide Advanced Authentication - Windows Client. Version 5.3

Copyright 2017 Softerra, Ltd. All rights reserved

Barracuda Archive Search for Outlook Deployment for Windows Vista and Windows Server 2008

Manually Refresh Group Policy Server 2008 R2

Steps. Step [1]: Click Download Bulk Enrolment Package Icon. (OR) Go to ITSM > Bulk Installation Package

Barracuda Outlook Add-In Deployment Guide version 7 and Above

Network Identity Manager with SN-Gina Outlook Web Access

Privileged Access Agent on a Remote Desktop Services Gateway

Autodesk DirectConnect 2010

Password Reset Utility. Configuration

Sharpdesk V3.3. Push Installation Guide for system administrator Version

Microsoft User Experience Virtualization Deployment Guide

Managing Group Policy application and infrastructure

Quest Desktop Authority Full Build Update Release Notes

Installation Guide Advanced Authentication - Windows Client. Version 5.4

Dell GPOADmin 5.7. About Dell GPOADmin 5.7. New features. Release Notes. December 2013

H3C Intelligent Management Center v7.3

Managing Windows Environments with Group Policy

USB-MIDI Driver installation and settings...1 Windows XP users... 1

Active Directory 2000 Plugin Installation for Cisco CallManager

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Contents. Override Default Preferences Pre-Configure Preferences with Transform Files (.MST) Install MSI for current user...

XLmanage Version 2.4. Installation Guide. ClearCube Technology, Inc.

REVISED 1 AUGUST REVIEWER'S GUIDE FOR VMWARE APP VOLUMES VMware App Volumes and later

Manually Run Ad Logon Script As Administrator Group Policy

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Product Documentation

Microsoft Exam Administering Windows Server 2012 Version: 29.0 [ Total Questions: 249 ]

Read Naturally SE Update Windows Network Installation Instructions

Pearson System of Courses

Deploying Lightspeed User Agent v

Upgrade Instructions for NetVoyant 7.0

SyAM Management Utilities can be used for silent deployment of Microsoft Office 2007 or 2010 to client systems.

January 12, Prepared by Dina Borisov, Product manager Jetro Platforms. All rights reserved.

The information in this document is based on these software and hardware versions:

NetIQ Access Manager - Advanced Authentication Plugin. Installation Guide. Version 5.1.0

A D S S G o > S i g n D e s k t o p. I n s t a l l a t i o n G u i d e. D o c u m e n t V e r s i o n

Symantec pcanywhere 12.5 SP4 Release Notes

Installation and configuration guide

INSTALL GUIDE BIOVIA INSIGHT 2016

NSFOCUS WAF (VM) User Guide

Installing and Configuring hopto Work for Citrix. System Requirements Be sure you have these system requirements to install and use hopto Work.

REVISED 1 AUGUST QUICK-START TUTORIAL FOR VMWARE APP VOLUMES VMware App Volumes and later

This module provides an overview of multiple Access and Information Protection (AIP) technologies

Comodo ONE Software Version 1.8

Guide to Deploy the AXIGEN Outlook Connector via Active Directory

How To Reset Local Group Policy Objects To Default Settings Windows 7

SecurEnvoy Microsoft Server Agent Installation and Admin Guide v9.3

VMware Horizon Migration Tool User Guide

COURSE OUTLINE MOC 10969: ACTIVE DIRECTORY SERVICES WITH WINDOWS SERVER MODULE 1: OVERVIEW OF ACCESS AND INFORMATION PROTECTION

Managing Group Policy application and infrastructure

Comodo IT and Security Manager Software Version 6.9

Evaluation Guide Host Access Management and Security Server 12.4 SP1 ( )

infoxpert Support Article

SureClose Advantage. Release Notes Version

Installing and Configuring Cisco Unified Real-Time Monitoring Tool

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Install Cisco Virtualization Experience Media Engine

Cisco Unified Serviceability

EventTracker Manual Agent Deployment User Manual Version 7.x

Installation Guide Advanced Authentication - Windows Client. Version 5.6

Migration Guide. McAfee File and Removable Media Protection 5.0.0

SmartDispatch Installation Guide

Advanced Security Measures for Clients and Servers

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

Authlogics Forefront TMG and UAG Agent Integration Guide

SolidWorks Enterprise PDM Installation Guide

SC-T35/SC-T45/SC-T46/SC-T47 ViewSonic Device Manager User Guide

INSTALLING LYNC SERVER 2013 EE POOL ON WINDOWS SERVER 2012

Version Installation Guide. 1 Bocada Installation Guide

EMS FOR MICROSOFT OUTLOOK Configuration Guide. Last Updated: March 5, 2018 V44.1

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Important notice regarding accounts used for installation and configuration

Accops HyWorks v3.0. Installation Guide

Administration Of Active Directory Schema Snap In 2003 R2 Missing

EventTracker: Virtual Appliance

Change Schema Active Directory Domain Name Windows 2008 R2

Streaming Profile Recipe

VMware View Upgrade Guide

Transcription:

NetIQ Advanced Authentication Framework FIDO U2F Authentication Provider Installation Guide Version 5.1.0

Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 System Requirements 4 Installing and Removing FIDO U2F Authentication Provider 5 Installing FIDO U2F Authentication Provider 5 RDS Farm Support 6 Configuring FIDO U2F Authentication Provider 7 Removing FIDO U2F Authentication Provider 9 Microsoft Windows 7/Microsoft Windows Server 2008 R2 9 Microsoft Windows 8.1/10/ Windows Server 2012/2012 R2 9 Installing and Removing FIDO U2F Authentication Provider via Group Policy 10 Installing FIDO U2F Authentication Provider via Group Policy 11 Removing FIDO U2F Authentication Provider via Group Policy 12 Upgrading FIDO U2F Authentication Provider Components via Group Policy 13 Troubleshooting 14 Cannot Install FIDO U2F Authentication Provider 14 Index 15 2

Introduction About This Document Purpose of the Document This FIDO U2F Authentication Provider Installation Guide is intended for all user categories and describes how to use the client part of NetIQ Advanced Authentication Framework solution. In particular, it gives instructions as for how to install FIDO U2F authentication provider. For more general information on NetIQ Advanced Authentication Framework and the authentication software you are about to use, see NetIQ Advanced Authentication Framework Client User s Guide. Information on managing other types of authenticators is given in separate guides. Document Conventions This document uses the following conventions: Warning. This sign indicates requirements or restrictions that should be observed to prevent undesirable effects. Important notes. This sign indicates important information you need to know to use the product successfully. Notes. This sign indicates supplementary information you may need in some cases. Tips. This sign indicates recommendations. Terms are italicized, e.g.: Authenticator. Names of GUI elements such as dialogs, menu items, and buttons are put in bold type, e.g.: the Logon window. 3

System Requirements Before installing the product, check that the following system requirements are fulfilled: Microsoft Windows 7 (x64/x86) SP1 Microsoft Windows Server 2008 R2 SP1/Microsoft Windows Server 2012 FIDO U2F authentication provider should be installed on the computer with already installed NetIQ Advanced Authentication Framework This authentication provider should be installed on every Authenticore Server. 4

Installing and Removing FIDO U2F Authentication Provider NetIQ Advanced Authentication Framework package includes FIDO authentication provider, which allows you to use the FIDO U2F security key for authentication. Installing FIDO U2F Authentication Provider The start of installation may be frozen for a time up to 1 minute in the case of offline mode. This delay occurs due to check of digital signature of component. To install FIDO U2F Authentication Provider: 1. Extend schema on server with an applicable server role. If the configured server role is: AD DS, schema extension should be performed on DC with Schema Admins privileges. AD LDS, schema extension should be performed on the unique AD LDS with Local Admins privileges. Follow the steps: a. Go to the FidoU2FBSP distributives folder. b. Open the Schema folder. c. If the configured server role is AD DS, open the AD folder. If the configured server role is AD LDS, open the ADAM folder. d. Run the biou2fdata.cmd file. e. Follow the schema extension. 2. Run the.msi file. FIDO U2F Authentication Provider will be automatically installed. 5

3. Restart your system for the configuration changes made to FIDO U2F authentication provider to take effect. Click Yes to restart the system immediately or No if you plan to restart it later manually. After upgrading FIDO U2F authentication provider, the FIDO U2F AP cache will be automatically cleared. FIDO U2F AP cache allows logging on the given computer using hardware authentication device when Domain Controller is not available. Domain Controller should be obligatory available during the first login after upgrade of FIDO U2F authentication provider. RDS Farm Support Before installing FIDO U2F authentication provider on the Remote Desktop Session Host (RD Session Host) server, follow the steps: 1. Install NetIQ Client and FIDO U2F AP on every RD Session Host server. 2. Install NetIQ Client and FIDO U2F AP on the thin client in the domain. To avoid additional authentication on the thin client, check the following article. 6

Configuring FIDO U2F Authentication Provider After the installation of FIDO U2F authentication provider on the Authenticore Server, a new GPO called FIDO U2F Authentication Provider will be created. The Check attestation certificate policy allows you to check attestation certificate, which was copied to an applicable directory during installation of FIDO U2F authentication provider. By default the policy is disabled. The certificate is required only if the policy is enabled. To add attestation certificate, open the following certificate and copy it to the directory on Authenticore Server(s): C:\ProgramData\BSP\FIDO U2F BSP\whitelist. Save the file with the.crt extension. The attestation certificate should be obligatory saved on every Authenticore Server. 7

To access the Check attestation certificate policy in the Group Policy Management Editor console, expand the following path: Computer Configuration -> Policies -> Administrative Templates -> FIDO U2F Authentication Provider. Registry settings: HKEY_LOCAL_MACHINE\SOFTWARE\(Wow6432Node\)Policies\BioAPI\BSP\FidoU2FBSP CheckAttestationCertificate: value type: REG_DWORD value data: 0x00000001 (1) description: 1 means that the policy is enabled The policy should be applied only on Authenticore Servers. 8

Removing FIDO U2F Authentication Provider In this chapter: Microsoft Windows 7/Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows 7/Microsoft Windows Server 2008 R2 1. In the Start menu, select Control panel and then double-click Programs and Features. 2. Select FIDO U2F Authentication Provider and click Uninstall. 3. Confirm the removal. 4. Wait a few seconds until the removal is completed. Microsoft Windows 8.1/10/ Windows Server 2012/2012 R2 1. Right click the Start button, select Programs and Features. 2. Select FIDO U2F Authentication Provider and click Uninstall. 3. Confirm the removal. 4. Wait a few seconds until the removal is completed. 9

Installing and Removing Provider via Group Policy FIDO U2F Authentication It is recommended that Microsoft Windows Server 2003 users should install Group Policy Management Console. To install/remove NetIQ Advanced Authentication Framework Modules, use: Group Policy Management Console (GPMC), which is installed by default on a Domain Controller. To open GPMC, click Start and select Administrative Tools > Group Policy Management. Group Policy Management Editor (GPME), which can be opened from GPMC. To open GPME, under domain right-click the group policy object (GPO) you are using to install the software and select Edit. It is highly recommended that you do not use Default Group Policy, because it s applicable to entire domain. It is not recommended to install/upgrade client components for all workstations at the same time. To create new group policy and configure it: 1. Create new global security group and new group policy object. 2. Connect them: a. Open created group policy object properties; b. Go to the Security tab; c. Remove Apply Group Policy option for Authenticated Users group; d. Add created group and mark Apply Group Policy option for it. 10

Installing FIDO U2F Authentication Provider via Group Policy To install FIDO U2F authentication provider using the group policy: 1. In GPME, in the selected GPO under Computer configuration > Policies > Software Settings, right-click Software Installation and select New > Package. 2. Specify the network path to the installer package. The directory you are willing to install should be located on network drive. 3. In the Deploy Software dialog, select the Assigned option and click OK. 4. The installer package name, version, state and path are displayed in Group Policy Management Editor. 5. Open package properties: a. On the Deployment tab: clear the Uninstall this application when it falls out of the scope of management check box. It is done to prevent undesirable uninstallation in case of problems as well as for the upgrade to go properly. b. On the Deployment tab: click the Advanced button and select the Ignore language when deploying this package check box. If you do not select this check box, the package will be installed only on OS with package s language. c. Clear the Make this 32-bit X86 application available to Win64 machines check box (if this option is available). 6. Add appropriate 64-bit installer to this group policy object and use settings 5a-5b. The assigned package is installed after you have updated the domain policy and restarted your computer. To update the domain policy immediately, use the gpupdate /force command. 11

Removing FIDO U2F Authentication Provider via Group Policy To remove FIDO U2F authentication provider using the group policy: 1. In GPME, under Computer Configuration > Software Settings > Software installation, right-click the deployed package and select All tasks > Remove. 2. In the Remove Software dialog, click Immediately uninstall the software from users and computers and then click OK. The package is removed after you have updated the domain policy and restarted your computer. To update the domain policy immediately, use the gpupdate /force command. If you have removed option Uninstall this application when it falls out of the scope of management as it was recommended, software will not be uninstalled after selecting Immediately uninstall the software from users and computers. In this case, you will need to uninstall it via Programs and Features/Add or remove programs. Also see Removing FIDO U2F Authentication Provider chapter. 12

Upgrading FIDO U2F Authentication Provider Components via Group Policy Option 1: You can add.msi package with new component version to an existing group policy object. However, this option does not prove to be good, because in case of any problems in new version of component, these problems spread on all computers in installation group. Option 2: The more reliable upgrading procedure implies creating new group policy object for new installers: 1. Create new installation group and new Group Policy Object (GPO), add a new.msi package in it. 2. After having configured software installation, go to Upgrades tab of package properties. 3. Click the Add button. 4. In the Add Upgrade Package dialog, please select the A specific GPO option. 5. Select a GPO which was used for installation of previous NetIQ Advanced Authentication Framework version. 6. Select.msi package name. 7. Select the Uninstall the existing package, then install the upgrade package option. Make sure that your new GPO is above the old one in the GPO list. 13

Troubleshooting This chapter provides solutions for known issues. If you encounter any problems that are not mentioned here, please contact the support service. Cannot Install FIDO U2F Authentication Provider Description: Error appears when installing FIDO U2F authentication provider on your computer. Cause: a. You have no space left on the disk. b. You are installing FIDO U2F authentication provider on the OS with the wrong bitness. c. You are installing card authentication provider before installing NetIQ Advanced Authentication Framework. Solution: a. Free the amount of disk space needed for installation. b. Check your OS s bitness (x64/x86) and run the corresponding installer (x64/x86). c. Install NetIQ Advanced Authentication Framework first. 14

Index A Authentication 1, 3-5, 7, 9-14 Authenticator 3 C Client 3, 6 Console 10 Control panel 9 Create 10, 13 D Default 10 Domain 6, 10 E Error 14 G GPMC 10 GPME 10-12 L Local 5 Logon 3 M Microsoft Windows Server 2003 10 Microsoft Windows Server 2008 4 Microsoft Windows Server 2012 9 P Package 11, 13 Policy 8, 10-11 R Remote 6 Remove 10, 12 15

S Security 10 Server 4, 7 Software 11-12 Support 6 System 4 W Windows 7 4, 9 Windows 8 9 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback