Multifactor Authentication Installation and Configuration Guide


Software Version 5.0.0.0
General Information: info@cionsystems.com
Online Support: support@cionsystems.com

2017 CionSystems Inc. ALL RIGHTS RESERVED.

This guide may not be reproduced or transmitted in part or in whole by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's use under the licensing agreement, without the written permission of CionSystems Inc. The software application in this guide is provided under a software license (EULA) or non-disclosure agreement. This product may only be used in accordance with the terms of the applicable licensing agreement. This guide contains proprietary information protected by copyright.

For questions regarding the use of this material and product, contact us at:
CionSystems Inc.
6640 185th Ave NE
Redmond, WA-98052, USA
http://www.cionsystems.com
Phone: +1.425.605.5325

Trademarks

CionSystems, CionSystems Inc., the CionSystems Inc. logo, CionSystems Enterprise Self-Service and two factor authentication are trademarks of CionSystems. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Table of Contents

Introduction
Prerequisites
System Requirements
Installation of Enterprise Self-Service Portal
Configuring database for Enterprise Self-Service Portal
Configuring Enterprise Self-Service Portal
Configuration of Domain
Configuring SMTP and SMS settings
Create User Policy
Create User
User Registration
Self-Extractor creation steps for CionSystems Multifactor
    1. By using 7-Zip file archiver
        Steps for x64 self-extractor
    2. By using IExpress
        IExpress
        Prerequisites
        IExpress Wizard
User Login
Installing Multifactor
How to Use
Update Off-Line Configuration
Update Unlock Key

Introduction

Your laptop/PC is the key to many things you do on a day-to-day basis. It's important that only you have the ability to access your device, update your device and access the data you store. CionMFA is a feature you can use to keep your personal information as secure as possible. Multi Factor Authentication is an additional security feature for your Windows machines that is designed to prevent anyone from accessing or using your computer, even if they know your password. It requires you to verify your identity using a first factor, i.e. your username and password, and a second factor that only you know or have: your USB disk, an OTP sent to your mobile or email address, or security questions that only you know.

Prerequisites

Ensure that you have installed and configured Enterprise Self-Service. Add the domain and Office365 domain to Enterprise Self-Service. For more information about Enterprise Self-Service, please refer to the product quick start guide.

System Requirements

CionSystems Enterprise Self-Service requirements:
- 8 GB RAM
- 50 MB of disk space
- Web browser: IE 5.5 or higher
- Windows Server 2000, 2003, 2008, 2008R2, 2012, 2012R2, 2016
- IIS server 5.1 or higher
- Microsoft .NET 4.0 Framework
- Optional: access to Exchange Server 2003, Exchange Server 2007 or higher
- Access to Windows Active Directory (2000, 2003, 2008, 2012, 2016)
- SQL Server 2008 or higher, Full or Express Edition
- Windows Installer 3.1
- Optional: for Exchange 2007 (or higher) support, please install the Exchange 2007 (or higher) management tools on your system

Installation of Enterprise Self-Service Portal

The Enterprise Self-Service Portal installation process is as follows:

1. Open the location where "EnterpriseSelfServicePortal.msi" was saved.
2. Double click on the EnterpriseSelfServicePortal.msi file.
   Note: You will have to choose Run as administrator on a system with User Account Control enabled.
3. Click Next

4. Click Next
5. Select I Agree and click Next

6. Confirm the installation and click Next

7. Provide Username and Password and click OK

Configuring database for Enterprise Self-Service Portal

8. The SQL Server Configuration pop up window appears. If you are installing the application for the first time, click Create New Database. In Configuration Details, you can select SQL Authentication or Windows Authentication.

   Note: To use the Use Existing Database radio button, the AD_SELF_SERVICE database must already exist on the selected SQL database server. If the AD_SELF_SERVICE database already exists on the selected SQL database server and you choose the Create New Database radio button, the old database will be deleted and a new database will be created.

   For SQL Authentication, enter the SQL database server name, select SQL Authentication, and enter the Login and Password details. Enter valid details and click Test Connection. If Test Connection displays the Connected Successfully message, click Next.

   For Windows Authentication, enter the SQL database server name and select Windows Authentication; here Login and Password will be grayed out. Enter valid details and click Test Connection. If Test Connection displays the Connected Successfully message, click Next.

9. Click Close. Installation completed successfully.

Configuring Enterprise Self-Service Portal

The admin configures the Enterprise Self-Service Portal, audits, customizes the portals, manages users, and delegates authority via the Administrative Portal.

1. Click the Windows Start button > All Programs > Enterprise Self-Service Portal > Enterprise Self-Service Portal icon, or click the Enterprise Self-Service Portal icon on the desktop.

Figure: Login page in ESSP for Admin

2. The login screen will open in the default web browser. To log in to the application for the first time:
   - Enter admin in the User Name dialogue box
   - Enter admin in the Password dialogue box
   Note: It is recommended that the user name and password be changed after the application has been launched.

Configuration of Domain

Enter all required domain details and configure the domain.
a. Enter Domain Controller name
b. Domain name
c. Domain User name
d. Domain Password

Click Fetch.

Figure: Domain configuration in ESSP

Select one controller as primary and click Save; the domain will be added.

Configuring SMTP and SMS settings

To receive automated e-mail notifications and alerts from the Enterprise Self-Service application, these settings must be configured properly. Fill in the fully qualified domain name or IP address of the SMTP server (Mail Server) and the sender e-mail address (From E-mail Address) as indicated in the figure below.

Figure: SMTP and SMS settings in ESSP

Create User Policy

To create a user policy:
- Go to Customization
- Click User Policy
- Click Create
- Enter Policy name
- Select OU
- Select the policies that you want to configure
- Click Save

Figure: User Policy creation in ESSP

Create User

For user creation, go to the User Management tab and click the Create User link.

Figure: User creation in ESSP

Fill in the details and click the Create button; the user will be created successfully.

User Registration

For user registration, go to the User Login page and click the Register User tab.

Figure: User Login page in ESSP

1. Provide Username and Password and click OK. An email will be sent to the user's specified email address.

2. The user will then receive a mail with a security PIN. Copy the secret code to validate registration and click on the link Enterprise Self-Service Portal.
3. Copy and paste the PIN and click Ok.

Figure: User security questions configuration in ESSP

4. Now the user has to configure the Selectable Questions & Answers (Challenging Questions) and click Save.
5. You should see a message that says User registered Successfully. Click Ok

Self-Extractor creation steps for CionSystems Multifactor

As an admin, you have to create a MultiFactorAuthInstaller.exe file from its .msi file. The installer can be created in two ways:
1. By using 7-Zip file archiver
2. By using IExpress tool

1. By using 7-Zip file archiver

Install the 7-Zip file archiver tool on the server machine where the Enterprise Self-Service portal is installed. You will find its setup file in the 7zip_setup folder.

After installation, unzip the contents of the SelfExtractor.zip file to a location (e.g. D:\SelfExtractor). After unzipping, you can see the following files:
- 7zS.sfx
- config_x64.txt
- CreateSelfExtractor_x64.bat

Now copy the MultiFactorAuthInstaller_x64.msi file to the same location, D:\SelfExtractor.

Steps for x64 self-extractor

- Right click on MultiFactorAuthInstaller_x64.msi, select 7-Zip and click Add to archive.

- Keep the default options and press OK. This will create a file with the name MultiFactorAuthInstaller_x64.7z in the same location (D:\SelfExtractor).
- Now open the config_x64.txt file either in Notepad or in Notepad++. Look for the msi file name; it should be exactly the same as the msi file (MultiFactorAuthInstaller_x64.msi). Look for SERVICEADDRESS and change the IP value in the address to the IP value of the server where the Enterprise Self-Service Portal is installed:

    http://192.168.0.197/adselfservice/services/userauthenticationservice.asmx

- Now open the CreateSelfExtractor_x64.bat file in Notepad or in Notepad++. The first parameter, MultiFactorAuthInstaller_x64.7z, is the input file for which the installer needs to be created; the second one is the output, i.e. the installer .exe file (MultiFactorAuthInstaller_x64.exe). The output name can be changed to any name of your choice.
- Double click on the CreateSelfExtractor_x64.bat file. You should see MultiFactorAuthInstaller_x64.exe in the location D:\SelfExtractor.
- Now copy the installer MultiFactorAuthInstaller_x64.exe from the created location and paste/replace it in the path: C:\inetpub\wwwroot\ADSelfService\Temp
- Changes take effect after IIS (Internet Information Services) is restarted. To restart IIS, open a command prompt in administrator mode, type IISReset and press Enter.

2. By using IExpress

By using the IExpress tool you can create an EXE format installer executable file from the MSI setup file, to release MultiFactorAuthInstaller in standard EXE installer setup format.

IExpress

IExpress is a Microsoft tool that is included in Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows 8. It uses a Self-Extraction Directive (.SED) file to store information about your package. When you run the IExpress Wizard, you can start with an existing .sed file or create a new one by using the wizard. The .SED file contains information and instructions about the setup package.

Prerequisites

Use a Windows 8.1 or Windows 7/10 machine for creating the self-extractor. Also, for 32 bit, use a 32-bit machine and for 64 bit, use a 64-bit machine.

IExpress Wizard

1. In the search box type iexpress, select iexpress.exe, right click on it and choose Run as administrator. The IExpress Wizard will start.
2. Select the Create new Self-Extraction Directive file option and click Next

3. Select the Extract files and run an installation command option and click Next
4. In the text box enter CionSystems Multifactor, click Next

5. Select the Prompt user with option and enter "Do you want to install CionSystems Multifactor?" in the text box. Click Next
6. Select the Do not display a license option and click Next

7. Click the Add button; a dialog box for file selection will appear. Browse to the location where the MultiFactorAuthInstaller.msi file is located and select it. For x64, select the 64-bit version of the msi and for x86, select the 32-bit version of the msi. In this case, for example, MultiFactorAuthInstaller_x64.msi is selected. Click the Open button.

8. Click Next
9. In the Install Program text box, enter the following text:

   For x64 (ESSP URL):

    msiexec.exe /i multifactorauthinstaller_x64.msi SERVICEADDRESS=http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx LOCALPORTNO=9002

   Note: Enter the text without double quotes. In the above text, replace the IP and port values with the IP and port values of the server where the Enterprise Self-Service Portal is installed. If the assigned port is being used by some other application on the machine, setup will automatically pick up a random port which is open.

10. Keep the default Post Install Command value as <None> and click Next

11. Keep the Default (recommended) option selected and click Next
12. Keep the default No Message option selected and click Next

13. Click the Browse button. A file dialog box will open.

14. Go to the location where you want to store the self-extractor. In this case, e.g., I kept the same location where the .msi files are placed. Also, in file name, give the file name of the self-extractor. I have given the same name as the msi, MultiFactorAuthInstaller_x64. Then click the Save button.
15. Select the checkbox Store files using Long File Name inside Package
16. Click Yes on the popup dialog box.
17. Click Next

18. Select No restart from the option list, click Next
19. Keep the default Save Self Extraction Directive (SED) file option selected and click Next

20. Click Next
21. If the process is successful, the self-extractor will be created in the location selected at step 14.

22. Click Finish
23. Now copy the installer from the created location and replace it in the following path: C:\inetpub\wwwroot\ADSelfService\Temp
24. Changes take effect after IIS (Internet Information Services) is restarted. To restart IIS, open a command prompt in administrator mode, type IISReset and press Enter.
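The checks below are an added example, not part of the CionSystems guide. Before a self-extractor built by either method is published, they confirm that the settings text (config_x64.txt or the IExpress install command) names the packaged .msi and carries a well-formed SERVICEADDRESS for the ESSP server, and that the copy under the IIS folder is byte-identical to the file that was built. The function names, parameters and the published file name are assumptions.

```powershell
# Added example; function and parameter names are hypothetical.
# Only SERVICEADDRESS, LOCALPORTNO, the .msi name and the folder paths come from the guide.
function Test-MfaInstallerSettings {
    param(
        [Parameter(Mandatory)] [string] $Text,         # config_x64.txt content or the IExpress install command
        [Parameter(Mandatory)] [string] $MsiPath,      # the .msi that was packaged
        [Parameter(Mandatory)] [string] $ExpectedHost  # IP or name of the ESSP server
    )
    $problems = @()

    # The settings must name the packaged .msi (-notmatch ignores case, as Windows file names do).
    $msiName = Split-Path -Leaf $MsiPath
    if ($Text -notmatch [regex]::Escape($msiName)) {
        $problems += "msi name '$msiName' not found in settings"
    }

    if ($Text -match 'SERVICEADDRESS=(\S+)') {
        $raw = $Matches[1].Trim('"')
        $uri = $null
        if (-not [System.Uri]::TryCreate($raw, [System.UriKind]::Absolute, [ref]$uri)) {
            $problems += "SERVICEADDRESS '$raw' is not an absolute URL"
        } else {
            if ($uri.Host -ne $ExpectedHost) {
                $problems += "SERVICEADDRESS host '$($uri.Host)' is not '$ExpectedHost'"
            }
            if ($uri.AbsolutePath -notlike '*/UserAuthenticationService.asmx') {
                $problems += "SERVICEADDRESS path '$($uri.AbsolutePath)' is not the authentication service"
            }
            if ($uri.Scheme -eq 'http') {
                Write-Warning 'SERVICEADDRESS uses http: traffic to the authentication service is not encrypted in transit.'
            }
        }
    } else {
        $problems += 'SERVICEADDRESS not found in settings'
    }

    # LOCALPORTNO appears in the IExpress command; check it only when present.
    if ($Text -match 'LOCALPORTNO=(\d+)') {
        $port = 0
        if (-not ([int]::TryParse($Matches[1], [ref]$port)) -or $port -lt 1 -or $port -gt 65535) {
            $problems += "LOCALPORTNO '$($Matches[1])' is not a valid TCP port"
        }
    }
    return ,$problems
}

# Compares the SHA-256 of the built installer with the copy placed under the IIS folder.
function Test-PublishedInstaller {
    param([Parameter(Mandatory)] [string] $BuiltExe, [Parameter(Mandatory)] [string] $PublishedExe)
    $built     = (Get-FileHash -Algorithm SHA256 -LiteralPath $BuiltExe).Hash
    $published = (Get-FileHash -Algorithm SHA256 -LiteralPath $PublishedExe).Hash
    [pscustomobject]@{ Sha256 = $built; Match = ($built -eq $published) }
}

# Constructed input: the install command from the IExpress step. For the 7-Zip method,
# pass (Get-Content -Raw 'D:\SelfExtractor\config_x64.txt') as -Text instead.
$cmd = 'msiexec.exe /i multifactorauthinstaller_x64.msi ' +
       'SERVICEADDRESS=http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx LOCALPORTNO=9002'
$problems = Test-MfaInstallerSettings -Text $cmd `
    -MsiPath 'D:\SelfExtractor\MultiFactorAuthInstaller_x64.msi' -ExpectedHost '192.168.0.197'
$problems | ForEach-Object { Write-Warning $_ }

# After copying the installer; the published file name is an assumption.
$built     = 'D:\SelfExtractor\MultiFactorAuthInstaller_x64.exe'
$published = 'C:\inetpub\wwwroot\ADSelfService\Temp\MultiFactorAuthInstaller_x64.exe'
if ((Test-Path $built) -and (Test-Path $published)) {
    Test-PublishedInstaller -BuiltExe $built -PublishedExe $published
}
```

Recording the SHA-256 value at build time also gives a reference to compare against whenever the file in the Temp folder is later replaced.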

User Login

After restarting IIS, download and install the installer MultiFactorAuthInstaller.exe.

1. Use a domain-joined machine that is joined to the domain controller where the Enterprise Self-Service portal is installed.
2. Now access the URL of the Enterprise Self-Service Portal which is installed on the domain controller:

    http://192.168.0.197/adselfservice/frmuserlogin.aspx

3. Log in with Username and Password.

Figure: User Self Update page in ESSP

4. After login, click on the Install Credential Provider link.
5. The installer will be downloaded.

Installing Multifactor

The Multifactor Authentication installation process is as follows:

1. Double click on the installer
2. Click on Run
3. Click on Yes in the pop up dialog box.
4. The Multi-Factor Auth For All setup wizard will be started
5. Click Next

6. Select the checkbox I accept the terms in the License Agreement and click Next
7. If you want offline support, select Yes

8. If you don't want offline support, then select No and click Next
9. If you select Yes, the Offline support configuration window appears. The default key update is 7 days; you can enter 7 to 30 days. You will need a USB disk at the end of the installation to store the offline key. Click Next

10. Click Install
11. Click Finish

12. A popup appears immediately. To generate the offline key, click Yes
13. Select the USB disk to generate the key
14. It will show the message Your unlock key has been generated and stored in USB disk successfully
15. Click on the Close button

How to Use

1. After installation of Multifactor on your system, restart your system or lock your system (Ctrl+Alt+Del).
2. Before logging in to your system, remove the USB disk from the port.
3. Now, log in to your system by entering username and password. After successfully authenticating your username and password, you will get the following options to log in:
   a. USB Key (Support offline is set to Yes during installation)
   b. Send OTP to Email
   c. Send OTP to Mobile
   d. Answer Security Questions

Figure: Multifactor authentication with USB Key

If you choose the USB Key option, you are asked to attach the USB disk to your machine and click on the arrow to log in. This option also works when there is no network connection.

Figure: Multifactor authentication with Send OTP to Email

If you choose the Send OTP to Email option, the OTP will be sent to your Email Id.

Figure: Multifactor authentication with Send OTP to Mobile

If you choose the Send OTP to Mobile option, the OTP will be sent to your mobile.

Figure: Multifactor authentication with Answer Security Questions

If you choose the Answer Security Questions option, answer your security questions.

Update Off-Line Configuration

Steps to update the offline configuration settings are as follows:

1. Click Show hidden icons on the task bar and select CionSystems Multi-Factor Auth For All.
2. Right click on CionSystems Multi-Factor Auth For All and select Update Off-Line Configuration.

Figure: Update offline configuration in Multifactor

3. The Update offline configuration window appears. Select the Is offline support required check box and enter the Key Expire Time, between 7 and 30 days. Click Update
4. Click Close

Update Unlock Key

Steps to update the unlock key are as follows:

1. Click Show hidden icons on the task bar and select CionSystems Multi-Factor Auth For All
2. Right click on CionSystems Multi-Factor Auth For All and select Update Unlock Key.

Figure: Update unlock key in Multifactor

3. Attach the USB disk to your machine and click the Update Key button.
4. It will show the message Unlock key has been updated successfully. Finally, click on the Close button.

Contact Notes

For technical support or feature requests, please contact us at Support@CionSystems.com or 425.605.5325

For sales or other business inquiries, we can be reached at Sales@CionSystems.com or 425.605.5325

If you'd like to view a complete list of our Active Directory Management solutions, please visit us online at www.cionsystems.com

Disclaimer

The information in this document is provided in connection with CionSystems products. No license, express or implied, to any intellectual property right is granted by this document or in connection with the sale of CionSystems products. EXCEPT AS SET FORTH IN CIONSYSTEMS LICENSE AGREEMENT FOR THIS PRODUCT, CIONSYSTEMS INC. ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL CIONSYSTEMS INC. BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF CIONSYSTEMS INC. HAS BEEN ADVISED IN WRITING OF THE POSSIBILITY OF SUCH DAMAGES. CionSystems may update this document or the software application without notice.

CionSystems Inc
6640 185th Ave NE, Redmond, WA-98052, USA
www.cionsystems.com
Ph: +1.425.605.5325

This guide is provided for informational purposes only, and the contents may not be reproduced or transmitted in any form or by any means without our written permission.