Establishing two-factor authentication with FortiGate and HOTPin authentication server from Celestix Networks

Contact Information
www.celestix.com
info@celestix.com

Celestix Networks USA
3125 Skyway Court, Fremont, California, 94539, USA
+1 510 668 0700

Celestix Networks EMEA
30 Queens Road, Reading, RG1 4AU, United Kingdom
+44 (0)118 959 6198

Celestix Networks APAC
1 Changi North Street 1, #02-02, Singapore 498789
+65 6781 0700

Integration completed by Kimberley Wong Kwan Lun
klun@celestix.com
This document outlines the steps required to integrate the FortiGate111C with Celestix HOTPin two-factor authentication. The following steps are detailed within this guide:

Adding users
Enabling user self provisioning
Configuring RADIUS integration in FortiGate
Adding FortiGate as a RADIUS client in Celestix HOTPin
Testing the login process

Steps to Configure Standalone Celestix HOTPin v3.5

Prerequisites

This document assumes you have followed the steps in the HOTPin Quick Start Guide, and either installed HOTPin Server v3.5, or configured your HSA Appliance ready for use. If you haven't already done so, please refer to the Quick Start Guide to complete this before proceeding. The Quick Start Guide can be found here: http://www.celestix.com/hotpin-tl.html

Step 1: Launch HOTPin Administration

Launch the HOTPin Management GUI using the shortcut icon on the desktop. This will load the default web browser. HOTPin ships with a default certificate to provide HTTPS security. The browser will display a certificate security warning; this is normal. Choose Continue to this website. Microsoft Windows User Access Control will prompt for a username and password. Enter the administrator credentials.

NOTE - depending on the web browser and the default settings, the message might be slightly different.

Step 2: Adding users

To add users go to HOTPin > Users. Click on New. Complete the user settings for an end user.

Token Key: (none)
Client Software (default)
PIN: User will create PIN

For production and full installation we recommend you make use of the Active Directory import feature within HOTPin, and then enable Active Directory Synchronization. This can be achieved easily and simply through the main Management GUI.
Step 3: Configure the user provisioning website

From the main Management GUI, go to User Website and tick the Enable user website box. This will allow your users to provision a variety of tokens by accessing a user provisioning portal, but it is important to configure this in advance of giving access. Once enabled, default access to the site is: https://(appliancehostname IP):8098/hotpin/

This site is not enabled by default; it must be turned on by Administrators. At this point, the basic configuration for Celestix HOTPin is complete, and we'll return to the User Provisioning Website later.

Configure RADIUS integration in FortiGate

Step 4: Add Authentication Server

Go to User > Remote > RADIUS. Select Create New; you are automatically redirected to the New RADIUS Server page. Complete the fields:

Name: Enter the name of the HOTPin appliance.
Type: Select either Query or Dynamic Start.
Primary Server Name/IP: Enter IP address of the HOTPin appliance.
Secondary Server Name/IP: Enter the IP address of secondary RADIUS server, if you have one.
Authentication Scheme: Select Use Default Authentication Scheme to authenticate with the default method. Select Specify Authentication to override the default authentication method and choose a protocol from the drop down box.
NAS IP/Called Station ID: Optionally enter the NAS IP address.
Include in every User Group: Select the enable check box.

Click OK.
Step 5: Test connection to Celestix HOTPin

Click on Test to check whether FortiGate is able to connect to the HOTPin appliance. Use the HOTPin administrative username and password. Once FortiGate is able to connect to HOTPin, click OK.

Step 6: Enabling RADIUS client on Celestix HOTPin

Go to HOTPin > NPS Radius > RADIUS clients > New. Tick Enable this RADIUS client. Enter name and IP address of the FortiGate box. Apply shared secret.

This completes the integration process. Next we'll test the login process.

Testing the login process

Celestix HOTPin supports the following platforms for generating a one-time password. Generate a one-time password using any of the client software below.

Microsoft Windows
Android devices
MacOS
Windows phone devices
iOS devices (iPhones and iPads)
Blackberry devices
Step 7: Log on to end user provisioning website

Go to User Website and click on the link, for example this URL: https://(appliancehostname IP):8098/hotpin/

After you have downloaded the HOTPin app to your Smart Device, log on to the end user provisioning site with your Active Directory credentials.

Step 8: Create Token Key

Go to Token Key > QR Code.

Enter QR code passphrase: Create a passphrase of at least 6 characters.
Confirm passphrase.
Code size: Select the image size.
Generate QR Code: Click to create the image.

Open the HOTPin app on your smart device. Choose Import from QR Code. Scan the QR Code. Enter the passphrase. Click on Import (iPhone) or OK (Android).

You are now able to generate a one time password and this completes the one-time device provisioning process. Log back on to the user provisioning website and choose HOTPin to authenticate.

Further Help

For further help, go to http://www.celestix.com
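
The shared secret applied in Step 6 is what the FortiGate and HOTPin use to protect and authenticate the RADIUS exchange set up in Steps 4 to 6. The Python below is an added example, not part of the original guide and not Celestix or Fortinet code; it follows the standard RADIUS rules (RFC 2865 User-Password hiding and Response Authenticator, plus the Message-Authenticator attribute) to show where the secret enters each message. The user name, passcode, secret and all function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the RADIUS server does with the same secret to recover the passcode."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value

def access_request(ident: int, user: bytes, password: bytes,
                   secret: bytes, req_auth: bytes) -> bytes:
    """Access-Request with User-Name, hidden User-Password, Message-Authenticator."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    attrs += attr(80, b"\x00" * 16)                   # zeroed while the HMAC is computed
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def response_is_authentic(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length + request auth + attrs + secret)."""
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def demo():
    secret = b"constructed-shared-secret"             # stands in for the Step 6 secret
    req_auth = os.urandom(16)
    req = access_request(7, b"alice", b"492039", secret, req_auth)  # constructed user/OTP
    hdr = struct.pack("!BBH", 2, 7, 20)               # constructed Access-Accept, no attrs
    resp = hdr + hashlib.md5(hdr + req_auth + secret).digest()
    return (len(req), response_is_authentic(resp, req_auth, secret),
            response_is_authentic(resp, req_auth, b"mismatched-secret"))

if __name__ == "__main__":
    print(demo())
```

A secret that differs between the two ends makes these checks fail, so the value applied in Step 6 has to match the FortiGate side exactly. The passcode is masked only by this MD5-based scheme, so the strength of the shared secret matters.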