One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

Similar documents
One Identity Starling Two-Factor Authentication. Administrator Guide

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

One Identity Starling Two-Factor HTTP Module 2.1. Administration Guide

One Identity Starling Two-Factor Authentication. Administration Guide

One Identity Password Manager User Guide

One Identity Starling Two-Factor Authentication

Cloud Access Manager How to Deploy Cloud Access Manager in a Virtual Private Cloud

Spotlight on SQL Server Enterprise Spotlight Management Pack for SCOM

One Identity Active Roles 7.2

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Quest Unified Communications Diagnostics Data Recorder User Guide

Cloud Access Manager SonicWALL Integration Overview

EAM Portal User's Guide

One Identity Active Roles Diagnostic Tools 1.2.0

One Identity Quick Connect Express

One Identity Defender 5.9. Product Overview

SQL Optimizer for Oracle Installation Guide

Cloud Access Manager Overview

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide

Metalogix Intelligent Migration. Installation Guide

Spotlight Management Pack for SCOM. User Guide

Toad Intelligence Central 3.3 New in This Release

About Toad for Oracle 2017 Editions 2. Product release notes 4. Installation 5

Cloud Access Manager How to Configure Microsoft Office 365

The Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide

Metalogix Archive Manager for Files 8.0. IIS Installation

Quest Migration Manager for Exchange Resource Kit User Guide

Quest Migrator for Notes to Exchange SSDM User Guide

Quest Migration Manager Upgrade Guide

Authentication Manager Self Service Password Request Administrator s Guide

KACE GO Mobile App 5.0. Getting Started Guide

KACE GO Mobile App 5.0. Release Notes

SQL Optimizer for IBM DB2 LUW 4.3.1

KACE GO Mobile App 3.1. Release Notes

Quest Recovery Manager for Active Directory 9.0. Quick Start Guide

Rapid Recovery License Portal Version User Guide

Dell One Identity Cloud Access Manager 8.0. Overview

Toad Edge 2.0 Preview

Cloud Access Manager How to Configure Microsoft SharePoint

Dell Secure Mobile Access Connect Tunnel Service User Guide

One Identity Active Roles 7.2. Management Pack Technical Description

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2013 Migration

Quest Code Tester for Oracle 3.1. Installation and Configuration Guide

KACE GO Mobile App 4.0. Release Notes

Quest Recovery Manager for Active Directory Forest Edition 9.0. Quick Start Guide

One Identity Management Console for Unix 2.5.1

Quest InTrust Objects Created and Used by InTrust

One Identity Active Roles 7.2. Configuration Transfer Wizard Administrator Guide

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2010 Migration

One Identity Active Roles 7.2. Replication: Best Practices and Troubleshooting Guide

One Identity Manager 8.0. IT Shop Administration Guide

Setting up Quest QoreStor as an RDA Backup Target for NetVault Backup. Technical White Paper

Quest InTrust InTrust Events

Toad Edge Installation Guide

Metalogix ControlPoint 7.6. for Office 365 Installation Guide

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

Toad DevOps Toolkit 1.0

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

About One Identity Quick Connect for Base Systems 2.4.0

Quest One Password Manager

Quest Knowledge Portal 2.9

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

MySonicWall Secure Upgrade Plus

Dell Statistica. Statistica Enterprise Server Installation Instructions

Setting up the DR Series System on Acronis Backup & Recovery v11.5. Technical White Paper

Toad Data Point - Professional Edition. The Toad Data Point Professional edition includes the following new features and enhancements.

One Identity Starling Identity Analytics & Risk Intelligence. User Guide

One Identity Manager 8.0. Administration Guide for Connecting to Azure Active Directory

Cloud Access Manager Configuration Guide

One Identity Manager Data Archiving Administration Guide

One Identity Manager 8.0. Administration Guide for Connecting to a Universal Cloud Interface

The Privileged Appliance and Modules (TPAM) Approver Guide

Quest Migration Manager for Active Directory Cached Credentials Utility Administrator Guide

One Identity Manager Administration Guide for Connecting to SharePoint Online

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

One Identity Manager Administration Guide for Connecting to SharePoint

One Identity Authentication Services Defender Integration Guide

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

SonicWall Mobile Connect for Chrome OS

Metalogix Content Matrix 8.7. Quick Start Guide

Setting up the DR Series System with vranger. Technical White Paper

One Identity Quick Connect for Base Systems 2.4. Administrator Guide

One Identity Active Roles 7.2. Web Interface User Guide

One Identity Safeguard for Privileged Sessions 5.9. Remote Desktop Protocol Scenarios

Dell GPOADmin 5.7. About Dell GPOADmin 5.7. New features. Release Notes. December 2013

Metalogix StoragePoint 5.7. Release Notes

TOAD TIPS & TRICKS. Written by Jeff Podlasek, Toad DB2 product manager, Quest

Toad Edge Installation Guide

Dell Change Auditor 6.5. Event Reference Guide

Toad Data Point - Professional Edition. The Toad Data Point Professional edition includes the following new features and enhancements.

Security Explorer 9.1. User Guide

TPAM Security Product Client for Windows Security Product Client for Windows Guide

One Identity Manager 8.0. Native Database Connector User Guide for Connecting DB2 (LUW) Databases

One Identity Manager 8.0. Data Archiving Administration Guide

Dell SonicWALL SonicOS 5.9 Upgrade Guide

LiteSpeed for SQL Server 6.1. Configure Log Shipping

One Identity Manager 8.0. Administration Guide for Connecting to Cloud Applications

One Identity Manager 8.0. Administration Guide for Connecting Unix-Based Target Systems

Cloud Access Manager Installation Guide

Metalogix Migrator 4.7. Install Guide

Transcription:

One Identity Adapter 6.0 Administrator Guide

Copyright 2017 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of Quest Software Inc. The information in this document is provided in connection with Quest Software products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest Software products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST SOFTWARE ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL QUEST SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST SOFTWARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest Software makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest Software does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software Inc. Attn: LEGAL Dept 4 Polaris Way Aliso Viejo, CA 92656 Refer to our Web site (www.quest.com) for regional and international office information. Patents Quest Software is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at www.quest.com/legal. Trademarks Quest, One Identity, and the One Identity logo are trademarks and registered trademarks of Quest Software Inc. and/or its affiliates in the U.S.A. and other countries. For a complete list of Quest Software trademarks, please visit our website at www.quest.com/legal. All other trademarks, servicemarks, registered trademarks, and registered servicemarks are the property of their respective owners. Legend WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. Adapter Administrator Guide Updated - April 2017 Version - 6.0

Contents Overview 4 Prerequisites 4 Connectivity requirements 4 Deployment Overview 5 Running the installer 6 Adapter Configuration Settings 7 Modifying the settings using configuration tool 7 Configuring Multi-factor Authentication 8 Testing the setup 9 Network diagram 10 Diagnostic logging 11 Enabling diagnostic logging 11 Disabling diagnostic logging 11 About us 12 Contacting us 12 Technical support resources 12 3

1 Overview One Identity Adapter integrates with Microsoft Active Directory Federation Services () 3.0 to add two-factor authentication to services using browser-based federated logins. Adapter supports relying parties that use Microsoft WS-Federation protocol, like Office 365, as well as SAML 2.0 federated logons for cloud applications like Google Apps and salesforce.com. Starling Two- Factor Adapter with 3.0 supports Windows Server 2012 R2. Prerequisites Before installing Adapter, verify the following: Microsoft.NET Framework 4.6.1 or later is installed PowerShell 4.0 or later is installed role is installed and the service is running The federated logins to the relying parties are working A valid phone number and email id is configured in Active Directory for the user Connectivity requirements After verifying and setting up the prerequisites, do the following: 1. Request Authentication subscription. 2. Log in to Authentication Dashboard and get the subscription key (required for Adapter installation). Adapter communicates with Authentication on SSL/TCP port 443. As the IP addresses can change over time, you must not lock down the firewall to individual IP addresses. 4 Overview

Deployment Overview Adapter adds multi-factor authentication (MFA) that provides a two-factor authentication prompt to web-based logins through server or Web Application Proxy. After completing the primary server authentication (by any standard means such as Windows Integrated or Forms-Based), you have to complete authentication challenge before getting redirected to the relying party. If the deployment is in an farm, install Adapter on all AD FS servers in the farm. After the installation of Adapter on the servers in the farm, while configuring the multi-factor authentication policies, select the MFA location (Internal access or External access or both as per the requirement). If you require twofactor authentication for External access locations, a Web Application Proxy is required and you do not have to install Adapter on the Web Application Proxy server. 5 Overview

2 Running the installer To run the installer: 1. Launch Adapter installer MSI from an elevated command prompt or right-click Command Prompt and select Run as Administrator. 2. Accept the license agreement and continue with the installation. 3. Enter Authentication subscription key obtained from Starling Two-Factor Authentication Dashboard page. NOTE: You can modify the parameters after installation as per the requirement. For more information, see Adapter Configuration Settings. 4. Complete the remaining steps for installing Adapter. NOTE: service will restart during installation. 6 Running the installer

3 Adapter Configuration Settings You can modify Adapter configuration settings using Starling Two-Factor Adapter configuration tool. Modifying the settings using configuration tool To modify the settings using the configuration tool: 1. From the Start menu, open Adapter Configuration. 2. Modify the required parameters. The available parameters are: Subscription key: The subscription key obtained from Authentication Dashboard. For details, see Connectivity requirements. Notification message: The push notification message that has to be displayed on Starling 2FA application, when an approval request is received. Timeout in seconds: The duration for which the push notification approval request, received on Starling 2FA application, is valid. 3. Click Apply to save the settings. NOTE: service will restart while saving the settings. 7 Adapter Configuration Settings

4 Configuring Multi-factor Authentication To configure Multi-factor authentication: 1. Launch the Management console on the primary server. 2. Navigate to > Authentication Policies and click Edit Global Multi-factor Authentication or under Multi-factor Authentication > Global Settings section, click Edit. 3. In the Edit Global Authentication Policy dialog box, click Multi-factor tab. 4. In Users/Groups section, click Add and select a domain for MFA (for example, Domain Users). 5. In the Locations section, select Extranet and/or Intranet checkboxes depending on the required type of connection. For example, if you always require two-factor authentication, select both Extranet and Intranet locations when configuring the multi-factor authentication policy. If you want to enforce two-factor authentication for external users, and if you have configured your network such that external users communicate with an Web Application Proxy while internal users communicate with the Identity Provider, select only Extranet. 6. In Select additional authentication methods, select Authentication. NOTE: In an advanced multi-factor scenario, you can choose Intranet and/or Extranet for each user or for each relying party. For more information, see the Microsoft's TechNet article Overview: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications. 8 Configuring Multi-factor Authentication

5 Testing the setup To test your setup, do the following: 1. Use a web browser to log in to a relying party for your deployment. For example, you can log into https://portal.microsoftonline.com to access Office 365. 2. Complete primary authentication of your server. Authentication enrollment or login prompt is displayed. If push notification is enabled, user receives an approval request on the Starling 2FA application. User can approve or deny the request. If the request is denied or timed out, user can request for another approval request or sign in with token response obtained from SMS, Phone call, or Starling 2FA application. If push notification is not enabled, user can sign in with token response obtained from SMS, Phone call, or Starling 2FA application. 9 Testing the setup

Network diagram 10 Testing the setup

6 Diagnostic logging To troubleshoot issues that may occur during authentication with Authentication, you need to enable diagnostic logging for Adapter. By default, diagnostic logging is disabled. NOTE: After enabling or disabling diagnostic logging, you must restart service. Enabling diagnostic logging To enable diagnostic logging for Adapter: On a computer where Adapter is installed, in the HKEY_ LOCAL_MACHINE\SOFTWARE\One Identity\ Adapter registry key, create the following values using Registry Editor: Value type: REG_SZ Value name: Diagnostics Value data: 1 NOTE: The path to the log file is %ProgramData%\One Identity\Starling Two- Factor Adapter\StarlingTwoFactorAdapter.log. Disabling diagnostic logging To disable diagnostic logging for Adapter: Delete the Diagnostics value from Adapter registry key or set the value data to 0. 11 Diagnostic logging

About us About us Contacting us For sales or other inquiries, visit www.quest.com/company/contact-us.aspx or call +1 949 754-8000. Technical support resources Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Quest Support Portal at https://support.quest.com. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to: Submit and manage a Service Request View Knowledge Base articles Sign up for product notifications Download software and technical documentation View how-to-videos Engage in community discussions Chat with support engineers online View services to assist you with your product 12 About us

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback