Health Analyzer VAM Best Practices Guide

Similar documents
VAM. ADFS 2FA Value-Added Module (VAM) Deployment Guide

OAM 2FA Value-Added Module (VAM) Deployment Guide

VAM. PeopleSoft Value-Added Module (VAM) Deployment Guide

VAM. Radius 2FA Value-Added Module (VAM) Deployment Guide

SecureAuth IdP Realm Guide

.NET SAML Consumer Value-Added (VAM) Deployment Guide

BEST PRACTICES GUIDE RSA MIGRATION MODULE

Device Recognition Best Practices Guide

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Introduction. SecureAuth Corporation Tel: SecureAuth Corporation. All Rights Reserved.

VAM. Epic epcs Value-Added Module (VAM) Deployment Guide

Deployment Guide Installing WhatsUp Gold Distributed Edition to Central and Remote Sites

Integration Guide. SecureAuth

Dell EMC License Manager Version 1.5 User's Guide

Dell License Manager Version 1.2 User s Guide

CA Adapter. CA Adapter Installation Guide for Windows 8.0

IdP High Performance and Optimization Best Practices Guide

Java SAML Consumer Value-Added Module (VAM) Deployment Guide

WhatsUp Gold 2016 Installation and Configuration Guide

VAM. CAS Installer (for 2FA) Value- Added Module (VAM) Deployment Guide

ControlPoint. Quick Start Guide. November 09,

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Getting Started with VMware View View 3.1

Install New Java Client, Release GL 3.1 For Workstations Currently without Java

Barracuda NextGen Report Creator

USER GUIDE. CTERA Agent for Windows. June 2016 Version 5.5

Version 6.3 Upgrade Guide

User Manual. ARK for SharePoint-2007

ControlPoint. Advanced Installation Guide. September 07,

CA Adapter. Installation and Configuration Guide for Windows. r2.2.9

capvpn Instructions for Windows

Integration with Tenable Security Center

White Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection

VPN Installation Quick Setup Guide

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

This documentation is for clean installations with no prior Panopto software installed. For upgrade instructions, please see Upgrade to Panopto 4.6.

Multifactor Authentication Installation and Configuration Guide

Inmagic Content Server Standard Version 9.00 Installation Notes for New and Upgrade Installations

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

DirectoryAnalyzer 4.12

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

VAM. Java SAML Consumer Value- Added Module (VAM) Deployment Guide

Kaseya 2. Installation guide. Version R8. English

Sophos Enterprise Console

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Installing and Configuring vcenter Support Assistant

Configuring the SMA 500v Virtual Appliance

Inmagic Content Server Workgroup Version 9.00 Installation Notes for New and Upgrade Installations

Business Insights Dashboard

NETWRIX INACTIVE USER TRACKER

CLI users are not listed on the Cisco Prime Collaboration User Management page.

User Identity Sources

Installation Guide for Pulse on Windows Server 2012

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

Installation Guide. for 6.5 and all add-on modules

Dell SupportAssist Version 2.1 for Dell OpenManage Essentials Quick Setup Guide

Installation on Windows Server 2008

Employee Web Services. Installation Guide

Abila MIP. Human Resource Management Installation Guide

PCoIP Connection Manager for Amazon WorkSpaces

Dell EMC vsan Ready Nodes for VDI

PAN 802.1x Connector Application Installation Guide

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

NETWRIX GROUP POLICY CHANGE REPORTER

User Guide. Version R94. English

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

User Guide. 3CX Recording Manager Standard. Version

HP Database and Middleware Automation

Privileged Access Agent on a Remote Desktop Services Gateway

SEMS SOFTWARE SUITE INSTALLATION WHERE TO DOWNLOAD THE INSTALLERS


Configure WSA to Upload Log Files to CTA System

Dell EMC Ready Architectures for VDI

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Automation Anywhere Enterprise 10 LTS

Secure Single Sign On with FingerTec OFIS

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

3M Molecular Detection System Software Upgrade/Installation Instructions

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

NetWrix Group Policy Change Reporter

Desktop Deployment Guide

CYAN SECURE WEB Installing on Windows

Immotec Systems, Inc. SQL Server 2008 Installation Document

ForeScout Extended Module for Advanced Compliance

Getting Started with. Management Portal. Version

Microsoft Managing Office 365 Identities and Requirements. Download Full version :

Sage Installation and System Administrator s Guide. March 2019

Dell Storage Compellent Integration Tools for VMware

Enabling and Configuring Outbound API Notifications

Netwrix Auditor. Virtual Appliance and Cloud Deployment Guide. Version: /25/2017

VMware AirWatch Integration with SecureAuth PKI Guide

ecopy PaperWorks Connector for Microsoft SharePoint Administrator s Guide

Technology Note. ER/Studio: Upgrading from Repository (v ) to Team Server 2016+

User Guide. Voic Manager. Version 14

Installing Active Directory on a Windows 2012 Server

Laserfiche Rio 10.3: Deployment Guide. White Paper

Configure WSA to Upload Log Files to CTA System

Transcription:

Health Analyzer VAM Best Practices Guide

Copyright Information 2017. SecureAuth is a copyright of SecureAuth Corporation. SecureAuth s IdP software, appliances, and other products and solutions, are copyrighted products of SecureAuth Corporation. Version 2.1 March, 2017 For information on supporting this module, contact your SecureAuth sales representative: Email: support@secureauth.com Phone: +1.949.777.6959 or +1-866- 859-1526 Website: https://www.secureauth.com/support.aspx

Contents Introduction 1 Benefits.................................................................................... 1 Deployment 2 Deployment Prerequisites.................................................................... 2 Best Practices............................................................................... 2 Installing the Module......................................................................... 3 Running the Health Analyzer 5 Interpreting the Report 8 Individual Realm Report..................................................................... 10 Score Calculation............................................................................ 11 Use Case 12

Introduction The SecureAuth Health Analyzer tests SecureAuth Realms to gather the following information and generate an HTML report based on the results. The elements tested include: + Average health and security score of all realms combined + Number of Identity Manager (IdM) Realms + Number of SSO Realms + Number of Network Realms + Machine Name & Host Name + Whether the machine is joined to a domain + Whether the server has an enabled firewall + IPv4 and Ipv6 address This is followed by a list of all realms with a hyperlink to drill down into specifics for each realm. Each link is summarized with the title, authentication mode, purpose, and audit score. This testing applies to the IdM, SSO, and Network Realm. Benefits + Conducts a detailed analysis of the IdM, SSO, and network realms + Enables managers and installers to establish the health and current configuration of the SecureAuth deployment + Audits the results and provides an HTML report Introduction 1

SecureAuth Health Analyzer VAM Best Practices Guide Deployment While there are several ways to deploy the Health Analyzer, the procedure detailed on the following pages is the approach recommended by SecureAuth. + Deployment Prerequisites + Best Practices + Installing the Module + Running the Health Analyzer + Interpreting the Report Deployment Prerequisites The requirements for deployment of this VAM are: + SecureAuth IdP version 9.0.x or later Best Practices When planning for deployment, keep in mind the following best practices: + Make sure you download the latest deployment package from the SecureAuth website that matches your version of SecureAuth IdP. Remember: the Health Analyzer cannot interpret a version of IdP earlier than 2.0. + Make sure that all realms you are using have been fully configured. An incompletely configured realm will automatically register an error. + The computer bearing the SecureAuth IdP appliance must have a designated D: drive. The Health Analyzer expects to create a directory for its report on the computer s D: drive. (This should not be a problem in most cases, since SecureAuth IdP normally creates a D: drive when deployed.) + We strongly recommend using Thread Feeds that take advantage of threat intelligence to prevent misuse of stolen credentials. + The Analyzer is designed to identify the adaptive gaps in your IdP configuration. If you are not running Adaptive functionality such as Geo-fencing, Geo-velocity, and Geo-location you are not taking advantage of IdP s full power or protecting your system to its maximum extent. Most problems can be alleviated by using the Health Analyzer and examining the resulting report. Deployment 2

SecureAuth Health Analyzer VAM Best Practices Installing the Module To configure the SecureAuth Health Analyzer installation, perform the following steps: 1. Download the SecureAuth Health Analyzer Setup.msi file from the SecureAuth site. The file should appear in your Download folder. NOTE: Only those customers with a license to use this VAM are permitted to download this product. 2. Double-click SecureAuth Health Analyzer Setup.msi. A Welcome screen appears like Figure 1. FIGURE 1. Health Analyzer Setup Wizard Welcome Screen 3. Click Next. The Select Installation Folder screen appears like Figure 2, Select Installation Folder Screen, on page 3. FIGURE 2. Select Installation Folder Screen Deployment 3

SecureAuth Health Analyzer VAM Best Practices Guide 4. Either click Next to accept the current destination folder, or select a new destination folder then click Next. In most cases, the default destination folder should be sufficient. The Confirm Installation Folder screen appears like Figure 2, Select Installation Folder Screen, on page 3. FIGURE 3. Confirm Installation Screen 5. Click Next to start the installation. When the installation is complete, an Installation Complete screen appears. 6. Click Finish to exit the wizard. The Health Analyzer icon is placed on the desktop. Proceed to the next section, Running the Health Analyzer on page 5. Deployment 4

SecureAuth Health Analyzer VAM Best Practices Running the Health Analyzer To run the Health Analyzer, perform the following procedure: 1. From desktop, double-click on SecureAuth Health Analyzer.exe icon. The Health Analyzer is started. A screen like Figure 4 appears. FIGURE 4. Health Analyzer Start Page 2. Click the Start button. The Analyzer automatically detects the location of the SecureAuth IdP then inspects the existing SecureAuth IdP realms and associated files. As it works, it presents a status update like Figure 5. When the task is completed, this message appears. FIGURE 5. Analyzer Updates All currently configured realms are examined and analyzed in sequence, starting with Realm0 and proceeding through every created realm. Once the analysis is finished, the Tasks Complete message appears at the bottom of the run status list. Running the Health Analyzer 5

SecureAuth Health Analyzer VAM Best Practices Guide 3. Once the analysis is completed, the Analyzer deposits its findings into a special Report directory on the D: drive like Figure 6. Notice the report is placed in its own subfolder like this. FIGURE 6. Analyzer Report Location The report folder is generated and placed on the D: drive. At least four subfolders appear here. The report itself is found in the subfolder that is dated. If the analyzer is run more than once a day, only the latest report appears in this folder. If a report is run on multiple days, each report appears in its own dated folder. 4. Click on the dated subfolder you require. Two or more files appear. One of the files will be named index.html. One or more auxiliary files bearing the name of each realm that has been inspected also appears like the example in Figure 7. Each dated folder includes an index file like this... FIGURE 7. Contents of the Dated Subfolder 5. Double-click on the Index.html file. Running the Health Analyzer 6

SecureAuth Health Analyzer VAM Best Practices The report appears in your default browser, like the example in Figure 8. FIGURE 8. Health Analyzer Report Format 6. If required, drill down into the status of individual realms by clicking on the available realm name links. For more on the fields in this report and their meaning, refer to Interpreting the Report on page 8. Running the Health Analyzer 7

SecureAuth Health Analyzer VAM Best Practices Guide Interpreting the Report When you double-click on the report index.html file, a screen like Figure 9 appears. FIGURE 9. Main Report Interpreting the Report 8

SecureAuth Health Analyzer VAM Best Practices The fields that appear on the Analyzer report include: Field Total Realms Avg Score IdM Realms SSO Realms Ntwk Realms Machine Name Domain Joined Firewall Enabled Host Name IP Addresses... Description The total number of realms that have been defined for this IdP Average score for the realms on this IdP. For an explanation of what the score entails, refer to Score Calculation on page 11. The total number of realms that have been defined for IdM activities The total number of realms defined for SSO activities The number of realms defined for network activities The name of the computer on which this IdP appliance resides Indicates whether this IdP appliance is joined to a Active Directory domain (Yes) or not (No) Indicates whether the host s firewall has been enabled for this IdP appliance (Yes) or not (No) The name of the host on which this IdP appliance resides. In many cases, the Host Name field and the Machine Name field are identical. The range of IP addresses assigned to the realms and components of this IdP appliance Realm List a list of the realms defined for this IdP appliance # The number assigned to this realm. Title Auth Purpose Audit Score The name assigned to this realm. This is a link to specific realm information. To drill down and view the report for this individual realm, click the link. The individual realm report appears as explained in Individual Realm Report on page 10. The authentication path this realm follows as defined by the IdP workflow configuration The purpose for creating this realm The composite percentage the Health Analyzer has assigned to this realm. To view the elements on which this score is based, click this link and the individual realm report appears as explained in Individual Realm Report on page 10. Notifications List a list of issues the Health Analyzer encountered. Issue Affected Realms A color-coded notification identifies an issue as critical, warning, recommendation, support, or information issue then describes the specific issue. The realm(s) identified as affected by the issue. Interpreting the Report 9

SecureAuth Health Analyzer VAM Best Practices Guide Individual Realm Report If you click on the realm list title or audit score link, a report of the individual realm appears like Figure 10. FIGURE 10. Individual Realm Report The drilled-down individual realm diagnostic report includes the following sections and fields: Field Description Overview Title Header Description Auth Workflow Purpose The name assigned to this realm The header assigned to this realm A description of this realm The type of workflow mode this realm follows to authenticate The purpose for which this realm was created (such as IdM, SSO, Network) Directories Auth Directory Auth Connection Profile Directory Profile Connection The data source this realm uses for authentication (such as Active Directory) The connection string used to connect this source for authentication data The source this realm uses for storing profile data (such as samaccountname) The connection method used to connect this source for profile data (such as the Active Directory domain) Interpreting the Report 10

SecureAuth Health Analyzer VAM Best Practices Field Description Interface Theme Logo Portal Log Email Logo The theme assigned to this realm The logo assigned to this realm The logo assigned to the portal of this realm The logo used for the email function of this realm Additional Auth Second Factors Group Restriction OTP Length The second authentication factor assigned to this realm, such as email, PIN, or phone Any restrictions by user groups imposed on this realm The length of the OTP assigned to this realm. This tells the PIN OTP page the length of the OTP to generate. Purpose SecureAuth Type Post-Auth Destination Profile List The type of SecureAuth function specified by this realm, such as IdM, SSO, or Network The destination of this realm post-authentication List of profile fields for IdM such as Show, Hidden, and Enabled To drill up, simply click the left arrow on your browser and the general report reappears. Score Calculation The scores displayed on the report screen are broken down into a series of escalating concerns on a scale of 1 to 5, where 5 is critical. Score Meaning 1 - Non-issue non-issue 2 - Support Issue Support Issues, such as The Password Expiration cannot be determined. Please contact SecureAuth support. 3 - Recommendation Recommendations, such as Audit Logging has only TEXT files selected. Please consider utilizing either Syslog or SQL as a logging type. 4 - Warning Configuration issues, such as Debug Logging, are currently enabled and may cause issues in a production environment. 5 - Critical Critical, such as SSL, is currently not required for this realm. Please enable SSL and ensure it is always used. Interpreting the Report 11

SecureAuth Health Analyzer VAM Best Practices Guide Use Case There are two cases for which the Health Analyzer VAM is expressly designed: + Your present SecureAuth IdP installation is misbehaving and you want to run a health check to isolate the problem + You are planning to upgrade your current SecureAuth IdP deployment to the most recent version and want to determine whether you should get SecureAuth Professional Services involved in the upgrade effort Use Case 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback