One Identity Starling Two-Factor HTTP Module 2.1. Administration Guide

Similar documents
One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

One Identity Starling Two-Factor Authentication. Administration Guide

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

One Identity Starling Two-Factor Authentication. Administrator Guide

One Identity Password Manager User Guide

Cloud Access Manager How to Deploy Cloud Access Manager in a Virtual Private Cloud

EAM Portal User's Guide

One Identity Active Roles Diagnostic Tools 1.2.0

One Identity Quick Connect Express

One Identity Starling Two-Factor Authentication

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Cloud Access Manager SonicWALL Integration Overview

One Identity Active Roles 7.2

One Identity Defender 5.9. Product Overview

The Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide

Authentication Services ActiveRoles Integration Pack 2.1.x. Administration Guide

Authentication Manager Self Service Password Request Administrator s Guide

Quest Unified Communications Diagnostics Data Recorder User Guide

Spotlight Management Pack for SCOM. User Guide

One Identity Starling Identity Analytics & Risk Intelligence. User Guide

One Identity Active Roles 7.2. Management Pack Technical Description

Spotlight on SQL Server Enterprise Spotlight Management Pack for SCOM

Cloud Access Manager Overview

One Identity Manager Data Archiving Administration Guide

About One Identity Quick Connect for Base Systems 2.4.0

One Identity Manager 8.0. IT Shop Administration Guide

One Identity Active Roles 7.2. Replication: Best Practices and Troubleshooting Guide

SQL Optimizer for Oracle Installation Guide

One Identity Management Console for Unix 2.5.1

KACE GO Mobile App 5.0. Getting Started Guide

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2013 Migration

Cloud Access Manager How to Configure Microsoft Office 365

Cloud Access Manager How to Configure Microsoft SharePoint

Dell Secure Mobile Access Connect Tunnel Service User Guide

Quest InTrust Objects Created and Used by InTrust

Quest Recovery Manager for Active Directory 9.0. Quick Start Guide

Quest Migration Manager for Exchange Granular Account Permissions for Exchange 2010 to 2010 Migration

Setting up Quest QoreStor as an RDA Backup Target for NetVault Backup. Technical White Paper

About Toad for Oracle 2017 Editions 2. Product release notes 4. Installation 5

One Identity Active Roles 7.2. Configuration Transfer Wizard Administrator Guide

KACE GO Mobile App 5.0. Release Notes

Rapid Recovery License Portal Version User Guide

Metalogix Intelligent Migration. Installation Guide

KACE GO Mobile App 3.1. Release Notes

One Identity Authentication Services Defender Integration Guide

Metalogix Archive Manager for Files 8.0. IIS Installation

Quest Migration Manager Upgrade Guide

The Privileged Appliance and Modules (TPAM) Approver Guide

Quest Migration Manager for Exchange Resource Kit User Guide

Quest Recovery Manager for Active Directory Forest Edition 9.0. Quick Start Guide

Dell Statistica. Statistica Enterprise Server Installation Instructions

Quest Code Tester for Oracle 3.1. Installation and Configuration Guide

One Identity Manager Administration Guide for Connecting to SharePoint

One Identity Manager 8.0. Data Archiving Administration Guide

KACE GO Mobile App 4.0. Release Notes

One Identity Manager 8.0. Administration Guide for Connecting to Azure Active Directory

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

One Identity Password Manager 5.7.1

SonicWall Mobile Connect for Chrome OS

Dell One Identity Cloud Access Manager 8.0. Overview

Setting up the DR Series System on Acronis Backup & Recovery v11.5. Technical White Paper

One Identity Safeguard for Privileged Sessions 5.9. Remote Desktop Protocol Scenarios

Toad Intelligence Central 3.3 New in This Release

Quest Migrator for Notes to Exchange SSDM User Guide

Metalogix ControlPoint 7.6. for Office 365 Installation Guide

One Identity Quick Connect for Base Systems 2.4. Administrator Guide

One Identity Manager Administration Guide for Connecting Oracle E-Business Suite

Setting up the DR Series System with vranger. Technical White Paper

Quest InTrust InTrust Events

TPAM Security Product Client for Windows Security Product Client for Windows Guide

One Identity Manager 8.0. Administration Guide for Connecting to a Universal Cloud Interface

SQL Optimizer for IBM DB2 LUW 4.3.1

Quest Knowledge Portal 2.9

One Identity Manager 8.0. Administration Guide for Connecting Unix-Based Target Systems

One Identity Password Manager 5.8.0

Toad DevOps Toolkit 1.0

One Identity Manager 8.0. Administration Guide for Connecting to Cloud Applications

Cloud Access Manager Installation Guide

One Identity Active Roles 7.2. Web Interface User Guide

MySonicWall Secure Upgrade Plus

One Identity Manager Administration Guide for Connecting to SharePoint Online

Cloud Access Manager Configuration Guide

Quest One Password Manager

One Identity Active Roles 7.2. Web Interface Administrator Guide

Toad Edge 2.0 Preview

One Identity Manager 8.0. Native Database Connector User Guide for Connecting DB2 (LUW) Databases

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

One Identity Password Manager 5.8.2

Quest VROOM Quick Setup Guide for Quest Rapid Recovery and Foglight Windows Installers

Quest VROOM Quick Setup Guide for Quest Rapid Recovery for Windows and Quest Foglight vapp Installers

Quest Migration Manager for Active Directory Cached Credentials Utility Administrator Guide

Toad Edge Installation Guide

Dell Change Auditor 6.5. Event Reference Guide

One Identity Manager 8.0. Administration Guide for Connecting to Active Directory

SonicWall Secure Mobile Access

Dell SonicWALL SonicOS 5.9 Upgrade Guide

One Identity Active Roles 7.2. Skype for Business Server User Management Administrator Guide

Metalogix StoragePoint 5.7. Release Notes

One Identity Manager 8.0. Target System Base Module Administration Guide

Transcription:

One Identity Starling Two-Factor HTTP Module 2.1 Administration Guide

Copyright 2018 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser s personal use without the written permission of One Identity LLC. The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity do not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: One Identity LLC. Attn: LEGAL Dept 4 Polaris Way Aliso Viejo, CA 92656 Refer to our Web site (http://www.oneidentity.com) for regional and international office information. Patents One Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.oneidentity.com/legal/patents.aspx. Trademarks One Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.oneidentity.com/legal. All other trademarks are the property of their respective owners. Legend WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. Starling Two-Factor HTTP Module Administration Guide Updated - June 2018 Version - 2.1

Contents Overview 4 Prerequisites 4 Network diagram 5 Running the installer 5 Starling Two-Factor HTTP Module configuration 6 Configuring Starling Two-Factor Authentication 6 Configuring user repository for Active Directory 7 Configuring protected sites 7 Accessing Protected Website 9 OTP through SMS 9 OTP through phone call 10 OTP through Starling 2FA app 10 Diagnostic logging 11 Enabling diagnostic logging for configuration tool 11 Enabling diagnostic logging for web interface 12 Disabling diagnostic logging for configuration tool 12 Disabling diagnostic logging for web interface 13 About us 14 Contacting us 14 Technical support resources 14 3

1 Overview One Identity Starling Two-Factor HTTP Module protects on-premise websites with Starling Two-Factor Authentication. You can use One Identity Starling Two-Factor HTTP Module to secure access to websites hosted on Microsoft Web Server (IIS). For that you must deploy One Identity Starling Two-Factor HTTP Module on the web server that hosts the websites. Starling Two-Factor HTTP Module acts as a filter and requires users to authenticate through Starling Two-Factor Authentication to get access to the websites hosted on the web server. Prerequisites The following are the prerequisites for installing Starling Two-Factor HTTP Module: Microsoft.NET Framework 4.5.2 or later Microsoft IIs (7.0 or later) role is installed Windows firewall port 443 must be available Starling Two-Factor Authentication subscription A valid phone number and email id is configured for the user Overview 4

Network diagram Running the installer To run the installer: Double-click Starling.2FA.HttpModule.exe and follow the instructions on the installer screens and complete the installation. NOTE: Elevated privileges are required to run the HTTP Module configuration tool. After the installation is complete, configure Starling Two-Factor HTTP Module settings. For details, see Starling Two-Factor HTTP Module configuration. NOTE: The default application pool in IIS requires.net Framework version 4.0 or later. Overview 5

2 Starling Two-Factor HTTP Module configuration You can configure Starling Two-Factor HTTP Module for two-factor authentication by setting the required parameters in Starling Two-Factor HTTP Module Configuration window. In the configuration window, you can configure your Starling Two-Factor Authentication subscription and push notification details, user repository details and protected server site details. These details are required to carry out two-factor authentication. Configuring Starling Two-Factor Authentication To configure Starling Two-Factor Authentication: 1. Click the Configuration tab, provide the following details: Subscription key: The subscription key obtained from Starling Two-Factor Authentication Dashboard. Message: The push notification message that has to be displayed on Starling 2FA app. Timeout (seconds): The duration for which the push notification message received on Starling 2FA app is valid. Starling Two-Factor HTTP Module configuration 6

Configuring user repository for Active Directory To configure the repository for data stored in Active Directory: 1. Click Active Directory tab and provide the following parameters: Domain name: Domain name of the Active Directory. User name: Name of the account used for querying the Active Directory. NOTE: The user account must have read-only permission to query the Active Directory. Password: Password of the account used for querying the Active Directory. Base DN: Point from where the server searches for users. You must specify the root container to search the users in the format cn=users,dc=domain,dc=com, where cn is Common Name and dc is Domain Component. If Base DN is not specified, the entire directory is searched to locate the users. Use SSL: Option to enable LDAP over SSL for communicating with Active Directory server. Advanced: Option to modify the Active Directory attribute mapping. You can update the AD attribute fields in the Active Directory Advanced Settings window as per the requirement. In the window, you can map Name, E-mail and Phone Number to the attributes in Active Directory. NOTE: The username is verified with Name attribute during Two-Factor authentication. By default, Name is verified with samaccountname, userprincipalname, or name attribute in Active Directory. Configuring protected sites Starling Two-Factor HTTP Module allows you to protect your websites. You can add the websites that you want to protect using Starling Two-Factor HTTP Module in the Protected server sites tab. The tab lists the websites in the domain. You can select the required websites that has to be protected. Protection can be enabled at server sites and application level selectively. To configure the protected sites: On Protected server sites tab, select the websites that you want to secure with Starling Two-Factor HTTP Module from the tree view and click Apply or OK. Starling Two-Factor HTTP Module configuration 7

NOTE: Web applications having dependent sites will also show Starling Two-Factor authentication page, since they internally access the same URL. For Example: If the user protects OWA web application with Starling Two-Factor authentication, ECP or all dependent websites which also access OWA internally will see Starling Two-Factor authentication page. Access control is determined by the most specific path match found. NOTE: Certain web applications do not allow editing the 'web.config' file. The user must not select these web applications for 2FA protection, as Error while adding the module in web config for selected sites message may be displayed. Starling Two-Factor HTTP Module configuration 8

Accessing Protected Website To access protected website 1. Using any supported browser, access the protected website. On the Starling Two- Factor Authentication Log-in page, enter your user name and click Sign in. NOTE: When you are logging into the client application for the first time, you will receive an SMS to install Starling 2FA app during two-factor authentication, if: you have not installed Starling 2FA app and the Installation instructions option under settings of Starling Two- Factor Authentication Dashboard is enabled. 2. In the next page, if the user account exists in Active Directory then a push notification approval request will be sent automatically to the mobile device. If the user clicks on Sign in with other options link, token response page is displayed. Use one of the following methods for authentication. If user account is valid and active, they will be authenticated and permitted to access the protected website. a. Use push notifications: NOTE: To use push notifications you must install Starling Two-Factor Authentication application and register your phone number. i. Open Starling Two-Factor Authentication application and go to OneTouch menu. ii. Approve the request in the Pending tab to log in to the client application. b. Use OTP: OTP can be obtained through one of the following methods. OTP through SMS OTP through phone call OTP through Starling 2FA app OTP through SMS To generate OTP through SMS: 1. On Starling 2FA authentication token response page, click Send SMS. You will receive an SMS. 2. Enter the OTP received through SMS, in the token response field of the Starling 2FA authentication token response page, and click Continue to log in. Accessing Protected Website 9

OTP through phone call To generate OTP through phone call: 1. On the Starling 2FA authentication token response page, click Phone Call. You will receive a phone call. 2. Enter the OTP received from the phone call, in the token response field of the Starling 2FA authentication token response page, and click Continue to log in. OTP through Starling 2FA app To generate OTP through Starling 2FA app: 1. If you have installed Starling 2FA app, then your token will be added to Starling 2FA app. If you have not installed Starling 2FA app, install the app and register your phone number (Install the app either from the SMS you have received or from the app store). Your token will be added to Starling 2FA app. 2. Enter the OTP received from the Starling 2FA application, in the token response field of the Starling 2FA authentication token response page, and click Continue to log in. NOTE: Starling 2FA app can be used for two-factor authentication on Android, ios and Chrome. Accessing Protected Website 10

3 Diagnostic logging To troubleshoot issues that may occur during authentication with Starling Two-Factor HTTP Module, you need to enable diagnostic logging for Starling Two-Factor HTTP Module. You can enable or disable diagnostic logging for the configuration tool and the web UI. Enabling diagnostic logging for configuration tool To enable diagnostic logging for Starling Two-Factor HTTP Module configuration tool: 1. On a computer where Starling Two-Factor HTTP Module is installed, go to the bin folder in the installation directory. Normally, the path to the folder is %ProgramFiles%\One Identity\Starling Two-Factor HTTP Module\bin. 2. Make the following changes to Starling.TwoFactor.HttpModule.Settings.exe.config file in the bin folder: In the <log4net debug="false"> entry, set the value to true In the <level value="error" /> entry, set the value to DEBUG You can find the log file, Configuration.log, in %ProgramData%\One Identity\Starling Two-Factor HTTP Module. Diagnostic logging 11

Enabling diagnostic logging for web interface To enable diagnostic logging for Starling Two-Factor HTTP Module web interface: 1. On a computer where Starling Two-Factor HTTP Module is installed, go to Starling Two-Factor HTTP Module folder in the installation directory. Normally, the path to the folder is %ProgramFiles%\One Identity\Starling Two-Factor HTTP Module. 2. Make the following changes to the web.config and log4net.config files in the Starling Two-Factor HTTP Module folder: In the <log4net debug="false"> entry, set the value to true In the <level value="error" /> entry, set the value to DEBUG You can find the log file HttpModuleWeb.log in %ProgramData%\One Identity\Starling Two-Factor HTTP Module. Disabling diagnostic logging for configuration tool To disable diagnostic logging for Starling Two-Factor HTTP Module configuration tool: 1. On a computer where Starling Two-Factor HTTP Module is installed, go to the bin folder in the installation directory. Normally, the path to the folder is %ProgramFiles%\One Identity\Starling Two-Factor HTTP Module\bin. 2. Make the following changes in Starling.TwoFactor.HttpModule.Settings.exe.config file in the bin folder: In the <log4net debug="true"> entry, set the value to false In the <level value="debug" /> entry, set the value to ERROR Diagnostic logging 12

Disabling diagnostic logging for web interface To disable diagnostic logging for Starling Two-Factor HTTP Module web interface: 1. On a computer where Starling Two-Factor HTTP Module is installed, go to Starling Two-Factor HTTP Module folder in the installation directory. Normally, the path to the folder is %ProgramFiles%\One Identity\Starling Two-Factor HTTP Module. 2. Make the following changes to the web.config and log4net.config files in the Starling Two-Factor HTTP Module folder: In the <log4net debug="true"> entry, set the value to false In the <level value="debug" /> entry, set the value to ERROR Diagnostic logging 13

About us About us Contacting us For sales or other inquiries, visit https://www.oneidentity.com/company/contact-us.aspx or call +1-800-306-9329. Technical support resources Technical support is available to One Identity customers with a valid maintenance contract and customers who have trial versions. You can access the Support Portal at https://support.oneidentity.com/. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. The Support Portal enables you to: Submit and manage a Service Request View Knowledge Base articles Sign up for product notifications Download software and technical documentation View how-to-videos Engage in community discussions Chat with support engineers online View services to assist you with your product About us 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback