Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks


Contact Information

www.celestix.com
info@celestix.com

Celestix Networks USA: 3125 Skyway Court, Fremont, California, 94539, USA, +1 510 668 0700
Celestix Networks EMEA: 30 Queens Road, Reading, RG1 4AU, United Kingdom, +44 (0)118 959 6198
Celestix Networks APAC: 1 Changi North Street 1, #02-02, Singapore 498789, +65 6781 0700

Integration completed by Kimberley Wong Kwan Lun, klun@celestix.com

This document outlines the steps required to integrate the Juniper SA700 SSL VPN Appliance with Celestix HOTPin two-factor authentication. The following steps are detailed within this guide:

- Adding users
- Enabling user self-provisioning
- Configuring RADIUS integration in Juniper
- Adding Juniper as a RADIUS client in Celestix HOTPin
- Testing the login process

Steps to Configure Standalone Celestix HOTPin v3.5

Prerequisites

This document assumes you have followed the steps in the HOTPin Quick Start Guide, and either installed HOTPin Server v3.5 or configured your HSA Appliance ready for use. If you haven't already done so, please refer to the Quick Start Guide to complete this before proceeding. The Quick Start Guide can be found here: http://www.celestix.com/hotpin-tl.html

Step 1: Launch HOTPin Administration

Launch the HOTPin Management GUI using the shortcut icon on the desktop. This will load the default web browser. HOTPin ships with a default certificate to provide HTTPS security, so the browser will display a certificate security warning. This is normal; choose Continue to this website. Microsoft Windows User Access Control will prompt for a username and password. Enter the administrator credentials.

NOTE - depending on the web browser and the default settings, the message might be slightly different.

Step 2: Adding users

To add users, go to HOTPin > Users and click New. Complete the user settings for an end user:

- Token Key: (none)
- Client Software (default)
- PIN: User will create PIN

For production and full installation, we recommend that you use the Active Directory import feature within HOTPin and then enable Active Directory Synchronization. Both are available from the main Management GUI.

Step 3: Configure the user provisioning website

From the main Management GUI, go to User Website and tick the Enable user website box. This will allow your users to provision a variety of tokens by accessing a user provisioning portal, but it is important to configure this in advance of giving access. Once enabled, default access to the site is:

https://(appliancehostname IP):8098/hotpin/

This site is not enabled by default; it must be turned on by Administrators.

At this point, the basic configuration for Celestix HOTPin is complete, and we'll return to the User Provisioning Website later.

Configure RADIUS integration in Juniper

Step 4: Add Authentication Server

Log into the Juniper SSL VPN web portal. Select Auth Servers in the Authentication menu of the Administrator Console. From the dropdown box select Radius Server, then click on New Server. Under Auth. Servers > Settings, complete the fields:

- Name: Enter a name for the HOTPin server.
- NAS-Identifier: Name of the device as known to Radius server.
- Radius Server: The IP address of the HOTPin server.
- Authentication Port: Set to 1812.
- Shared Secret: Enter the shared secret of the HOTPin server.
- Accounting Port: Set to 1813.
- NAS-IP-Address: Enter the IP address of the HOTPin server.
- Tick the box Users authenticate using tokens or one-time passwords.

Step 5: Configure User Authentication Realms

Under Users, go to User Realms > Users > General. Complete the fields:

- Name: Choose a name for the Authentication Realm.
- Under Servers > Authentication: Choose the radius server created in step 4.
- Directory/Attribute: Choose your Active Directory server.
- Accounting Port: Choose the radius server you created in step 4.
- Click Save Changes.

Step 6: Configure Role Mapping

Under the Users section, go to User Realms, highlight the User Realm where the Filter-ID attribute will be added, and click on Role Mapping. Under the Role Mapping tab, click the New Rule button. Complete the following fields on the Role Mapping Rule webpage:

- Rules based on: User attribute. Click Update.
- Under the Attribute section, select Filter-ID (11) from the dropdown box.
- In the textbox below, choose a name for the Filter-Id (e.g. Information Technology).
- Under "then assign these roles", choose the role to assign the user to.
- Click Save changes.

Step 6: Configure Role Mapping (cont.)

Under Authentication > Signing In > Sign-In Policies, ensure that the default User URL is set to use the User Realm that has the Filter-Id added as a Role Mapping. Check that the Authentication Realm section has the correct User Realm displayed. This means that the User Realms created within the Juniper SSL VPN can authenticate to this User URL.

Step 7: Enabling RADIUS client on Celestix HOTPin

Go to HOTPin > NPS Radius > RADIUS clients > New.

- Tick Enable this RADIUS client.
- Enter the name and IP address of the Juniper box.
- Apply the shared secret.

This completes the integration process. Next we'll test the login process.

Testing the login process

Celestix HOTPin supports the following platforms for generating a one-time password. Generate a one-time password using any of the client software below:

- Microsoft Windows
- Android devices
- MacOS
- Windows Phone devices
- iOS devices (iPhones and iPads)
- BlackBerry devices

Step 8: Log on to end user provisioning website

Go to User Website and click on the link, for example: https://(appliancehostname IP):8098/hotpin/

After you have downloaded the HOTPin app to your smart device, log on to the end user provisioning site with your Active Directory credentials.

Step 9: Create Token Key

Go to Token Key > QR Code.

- Enter QR code passphrase: Create a passphrase of at least 6 characters.
- Confirm passphrase.
- Code size: Select the image size.
- Generate QR Code: Click to create the image.
- Open the HOTPin app on your smart device.
- Choose Import from QR Code.
- Scan the QR Code.
- Enter the passphrase.
- Click on Import (iPhone) or OK (Android).

You are now able to generate a one-time password, and this completes the one-time device provisioning process. Log back on to the user provisioning website and choose HOTPin to authenticate.

Further Help

For further help, go to http://www.celestix.com
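The RADIUS exchange that Steps 4 to 7 configure, as an added example that is not part of the Celestix guide: it builds the Access-Request a VPN appliance sends (user name, one-time password hidden with the shared secret, NAS-Identifier, NAS-IP-Address) and verifies an Access-Accept before reading the Filter-Id (11) attribute that Step 6 maps to a role. It follows standard RADIUS (RFC 2865) and says nothing about HOTPin internals; the user name, one-time password, NAS values and shared secret used with it are constructed, and the reply is built locally in place of a real server.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD, NAS_IP, FILTER_ID, NAS_ID = 1, 2, 4, 11, 32  # attribute types

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def hide_password(pw, secret, req_auth):
    """User-Password hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    pw += b"\x00" * (-len(pw) % 16)
    blocks = [req_auth]
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + blocks[-1]).digest()
        blocks.append(bytes(a ^ b for a, b in zip(pw[i:i + 16], key)))
    return b"".join(blocks[1:])

def build_request(user, otp, secret, nas_id, nas_ip, ident=1):  # what the appliance sends
    req_auth = os.urandom(16)
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(otp.encode(), secret, req_auth))
             + attr(NAS_IP, bytes(int(o) for o in nas_ip.split(".")))
             + attr(NAS_ID, nas_id.encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth

def build_accept(ident, req_auth, secret, filter_id):  # constructed server reply for the demo
    attrs = attr(FILTER_ID, filter_id.encode())
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def parse_attrs(data):
    found = {}
    while data:
        if len(data) < 2 or data[1] < 2 or data[1] > len(data):
            raise ValueError("malformed attribute")
        found.setdefault(data[0], []).append(data[2:data[1]])
        data = data[data[1]:]
    return found

def filter_ids(reply, req_auth, secret):
    """Verify the Response Authenticator, then return Filter-Id values ([] unless Access-Accept)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        raise ValueError("bad length")
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("authenticator mismatch: wrong shared secret or altered reply")
    attrs = parse_attrs(reply[20:]) if reply[0] == ACCESS_ACCEPT else {}
    return [v.decode() for v in attrs.get(FILTER_ID, [])]
```

A shared secret entered differently in Step 4 and Step 7 surfaces here as the authenticator mismatch, which is the first thing to check when logins fail after integration.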