Advanced Authentication - Administration
- Introduction to Advanced Authentication
- How Advanced Authentication Is Better Than Other Solutions
- Key Features
- Advanced Authentication Server Components
- Administration Portal
- Self-Service Portal
- Helpdesk Portal
- Reporting Portal
- Architecture
- Basic Architecture
- Enterprise Level Architecture
- Enterprise Architecture With A Load Balancer
- Terminology
- Authentication Method
- Authentication Chain
- Authentication Event
- Endpoint
- Tenant
- Configuring Advanced Authentication
- Managing the Appliance
- Configuring Network Setting
- Configuring the Proxy Settings
- Configuring Time Settings
- Managing Digital Certificates
- Accessing System Services
- Starting, Stopping, or Restarting System Services
- Making System Services Automatic or Manual
- Configuring the Firewall
- Configuring the Ports and Firewall
- Configuring Firewall for Advanced Authentication as a Service
- Setting Administrative Passwords
- Adding a Field Patch to the Appliance
- Sending Information to Support
- Performing an Online Update
- Performing Offline Updates
- Adding Additional Hostnames to the Hosts File
- Performing a Product Upgrade
- Rebooting or Shutting Down the Server
- Restarting the Server Using Configuration Console options
- Restarting the Advanced Authentication Server in Kubernetes
- Logging Out
- Configuring Global Master Server
- Logging In to the Advanced Authentication Administration Portal
- End to End Configuration with Examples
- Implementing Multi-Factor Authentication to VPN
- Prerequisites
- Considerations Before Configuration
- Add a Repository
- Configure Methods
- Create a Chain
- Configure Public External URLs Policy
- Assign Chain to RADIUS Server Event
- Configure the OpenVPN Server
- End User Tasks
- Enroll the Smartphone Method
- Authenticate to OpenVPN Using Advanced Authentication
- Securing Windows Workstation with Multi-Factor Authentication
- Prerequisites
- Points to Consider Before Configuration
- Configure Methods
- Create a Chain
- Configure SMS Sender Policy
- Assign Chain to Windows Logon Event
- End User Tasks
- Enroll the FIDO U2F Method
- Enroll the SMS OTP Methods
- Authenticate to the Windows Workstation Using Advanced Authentication
- Configuring TOTP from Desktop OTP Tool as One of the Factors to Access a Corporate Portal
- Prerequisites
- Configure Methods
- Create a Chain
- Create a SAML2 Event
- Configure Web Authentication Policy
- Obtaining the Signing Certificate of Advanced Authentication
- Configure Google Workspace
- Generate and Send an Enrollment Link to Users
- End User Tasks
- Enrolling Card Method
- Enrolling TOTP Method Using the Desktop OTP Tool
- Authenticate to Google Workspace
- Integrate Advanced Authentication and Office 365 without Using AD FS
- Prerequisites
- Administrator Tasks
- Configure Methods
- Create Chain
- Create SAML2 Event
- Configuring Policies
- Configuring Server Option
- Enabling Single Sign-On to Microsoft Office 365
- End User Tasks
- Enrolling Card Method
- Authenticating on Office 365
- Integrate Advanced Authentication and Office 365 Using AD FS
- Prerequisites
- Administrator Tasks
- Configure Methods
- Create a Chain
- Create SAML2 Event
- Configuring Policies
- Enable Multi-Factor Authentication to Microsoft Office 365
- End User Tasks
- Enrolling Card Method
- Authenticating on Office 365
- Configuring the Advanced Authentication Settings
- Managing Dashboard
- Adding Widgets
- Pie Chart
- Stacked Chart
- Activity Stream
- Enroll Activity Stream
- Users
- Authenticators
- Licenses
- Event Count Line Chart
- Events Count Line Chart Grouped by Field
- Distinct Events Count Line Chart
- Distinct Events Count Line Chart Grouped by Field
- Customizing Dashboard
- Updating Dashboard to View Real Time or Historical Data
- Customizing the Default Widgets
- Server Metrics
- Tenants
- Billing
- Logons Per Result
- Total Users
- Total Users Per Event
- Activity Stream
- Successful/Failed Logons
- Top Events With Successful Logon Per Chain
- Top Events With Failed Logon Per Method
- Top 10 Events
- Top 10 chains With Successful Result
- Top 10 Servers
- Top 10 Tenants
- Top 10 Repositories
- Top 5 Events for Logons
- Top 5 Users for Logons
- Top 10 Users With Failed Logon
- Top 10 Users
- Top 10 Methods With Failed Result
- Exporting Widgets
- Managing Tenant
- Adding a Tenant
- Disabling a Tenant
- Enabling a Tenant
- Adding a Repository
- Adding an LDAP Repository
- Advanced Settings
- User Lookup Attributes
- User Name Attributes
- User Mail Attributes
- User Cell Phone Attributes
- User ID/Passport Number Attributes
- User Social Security Number Attribute
- Group Lookup Attributes
- Group Name Attributes
- Verify SSL Certificate
- Enable Paged Search
- Enable Nested Groups Support
- Framed IPv4 Address Attribute
- Custom Attributes to Fetch
- Custom Attributes to return
- Used Attributes
- Adding an AD LDS Repository with the Configured AD LDS Proxy
- Customizing LDAP Attributes in the SAML Assertion
- Adding an SQL Database
- Adding a Cloud Bridge External Repository
- Advanced Settings
- Fast Sync Enabled
- Time Between Fast Syncs
- User Lookup Attributes
- User Name Attributes
- User Mail Attributes
- User Cell Phone Attributes
- Group Lookup Attributes
- Group Name Attributes
- Custom Attributes to Fetch
- Custom attributes to return
- Cloud Bridge Attributes
- Used Attributes
- Health Check Settings
- Synchronizing Cloud Bridge Repository
- Testing Cloud Bridge
- Force Configuring Cloud Bridge
- Enabling Fast Synchronization for eDirectory Repository
- Adding an External Repository
- Local Repository
- Adding a SCIM Managed Repository
- Configuring Methods
- Customizing Methods Name
- Configuring Tenancy Settings
- Capabilities of Authentication Methods
- Apple Touch ID
- BankID
- Bluetooth
- Bluetooth eSec
- Card
- Denmark National ID
- Device Authentication
- Windows Trusted Platform Module (TPM)
- Adding the Trusted Root Certificates
- Disabling the Key-Pair Option
- Without Using the Trusted Platform Module (Non-TPM)
- Email OTP
- Customizing Email Settings for an Event
- Emergency Password
- Facial Recognition
- Azure Cognitive Service
- Contactable KYC Service
- FIDO2
- Fingerprint
- Flex OTP
- HANIS Face
- HANIS Fingerprint
- LDAP Password
- OATH OTP
- HOTP
- Configuring Yubikey for Advanced Authentication Server
- TOTP
- Generating an Enrollment Link
- Sending an Enrollment Link Through Email
- Importing PSKC or CSV Files
- CSV File Format To Import OATH Compliant Tokens
- Out-of-band
- Authentication Agent for Windows
- Authentication Agent for Web
- Password
- PKI
- PKI Device
- Adding the Trusted Root Certificates
- Disabling the Key-Pair Option
- Virtual Smartcard
- Importing Client SSL Certificate to a Certificate Store
- RADIUS Client
- SAML Service Provider
- Security Questions
- Adding Questions
- Smartphone
- Configuring Smartphone Method
- Configuring Enrollment Link
- Setting Up Geo-fence for Smartphone
- Priority Vendor Requirements
- SMS OTP
- Swisscom Mobile ID
- FIDO U2F
- Configuring the Certificate Settings
- Configuring Facets
- Configuring Yubikey for Advanced Authentication Server
- Configuring a Web Server to Use the FIDO U2F Authentication
- Adding DNS Entries
- Voice
- Voice OTP
- Web Authentication Method
- SAML for Advanced Authentication
- An Example Configuration with ADFS
- OpenID Connect for Advanced Authentication
- Integrating Third Party Applications with Advanced Authentication Using OpenID Connect
- OAuth 2.0 for Advanced Authentication
- Windows Hello
- Creating a Chain
- Configuring Events
- Configuring an Existing Event
- ADFS Event
- AdminUI Event
- Authentication Agent Event
- Authenticators Management Event
- Desktop OTP Tool Event
- Helpdesk Event
- Helpdesk User Event
- Linux Logon Event
- Mac OS Logon Event
- Mainframe Logon Event
- NAM Event
- NCA Event
- OAuth Event
- OOB UI Logon Event
- RADIUS Server Event
- Report Logon Event
- Search Card Event
- Smartphone Enrollment Event
- Tokens Management Event
- Windows Logon Event
- Creating a Customized Event
- Creating a Generic Event
- Creating an OS Logon (Domain) Event
- Creating an OAuth 2.0 / OpenID Connect Event
- Creating a SAML 2.0 Event
- Creating a RADIUS Event
- Managing Endpoints
- Configuring Policies
- Authentication Agent
- Authenticator Management Options
- Enabling Sharing of Authenticators for the Helpdesk Administrators
- Disabling Re-Enrollment of the Authenticators
- Cache Options
- CEF Log Forward Policy
- Custom Branding
- Customizing the Login Page of Web Authentication Events
- Example of Customizing a Login Page
- Custom CSS
- Custom Messages
- Customizing Messages in the Custom Localization File
- Customizing a Specific Message on the Portal
- Customizing Authentication Request Message For Smartphone Method
- Customizing Prompt Messages of the Authentication Methods for RADIUS Event
- Customizing the Messages for Clients
- Localizing the Web UI and Messages
- Database Options
- Delete Me Options
- Endpoint Management Options
- Enrollment Options
- Event Categories
- Geo Fencing Options
- Google reCAPTCHA Options
- Registering the Google reCAPTCHA Account
- Configuring Google reCAPTCHA for Advanced Authentication
- Enabling the Google reCAPTCHA Options Policy for Events
- Help Options
- Helpdesk Options
- HTTPS Options
- Kerberos SSO Options
- Linked Chains
- Lockout Options
- Login Options
- Logon Filter for Active Directory
- Mail Sender
- Multitenancy Options
- Password Filter for Active Directory
- Public External URLs (Load Balancers)
- RADIUS EAP-TTLS-PAP Options
- RADIUS Options
- Input Rule
- Event Selection Rule
- Chain Selection Rule
- Result Specification Rule
- Adding Clients
- Rate Limiting Options
- Replica Options
- Reporting Options
- SMS Sender
- Generic
- Clickatell
- SignalWire
- LOX
- Twilio
- MessageBird
- Users Synchronization Options
- Voice Sender
- Web Authentication
- Configuring the Identity Provider
- Downloading the Identity Provider SAML Metadata
- Configuring Timeout
- Disabling the Authentication Chain Selection
- Enabling the Client Event Selection
- Enabling the Client Chain Selection
- Customizing Messages and Authentication Method Names for the Web Authentication Events
- Configuring the Server Options
- Uploading the SSL Certificate
- Generating OSP Keystores
- Customizing the Login Page Background
- Uploading a Keytab File
- Adding a License
- Backup and Restoring the Database
- Backing Up the Database
- Backing Up the Database Through Console
- Restoring the Database
- Restoring the Database from Appliance
- Restoring the Database from an External Server
- Restoring the Database from Local File
- Scheduling Backup
- Scheduling Backup
- Scheduling Synchronization of Backups to a FTP Server
- Scheduling Removal of Old Backup Files
- Scheduling Synchronization of Backups to a FTPS Server
- Exporting Tenant
- Adding a Report
- Configuring a Cluster
- Registering a New Site
- Registering a New Server
- Monitoring Outgoing Replication Batches
- Resolving Conflicts
- Installing a Load Balancer for Advanced Authentication Cluster
- Installing nginx on Ubuntu 16.04
- Configuring nginx
- Configuring Advanced Authentication Client
- Restoring Operations When a Global Master Server is Broken
- Restoring Operations When a Database Master of the Secondary Site is Broken
- Managing Access to the Advanced Authentication Web Portals
- Enrolling the Authentication Methods
- Scripts Option
- Generating RADIUS script
- Configuring Risk Settings
- Configuring Risk Service
- Monitoring Risk Audit Logs
- Understanding How Risk Service Works through Scenarios
- Assessing Risks Based on the IP Address
- Allowing Employees to Access the Human Resources Portal Outside the Corporate Network
- Troubleshooting Risk Service Configuration
- An Error in Syslog When the Risk Service License Is Not Applied
- Cannot Read the Log File Error in Risk Logs
- Configuring Integrations
- OAuth 2.0
- Building Blocks of OAuth 2.0
- OAuth 2.0 Roles
- OAuth 2.0 Grants
- Authorization Code
- Implicit Grant
- Sample OAuth 2.0 Application Integrated with Advanced Authentication
- Running the Sample Web Application
- OAuth 2.0 Attributes
- Non Standard Endpoints
- RADIUS Server
- SAML 2.0
- Integrating Advanced Authentication with SAML 2.0
- Requesting Advanced Authentication Methods and Chains Through a SAML AuthnRequest
- Examples of Integrations
- Configuring Integration with Barracuda
- Configuring the Advanced Authentication RADIUS Server
- Configuring the Barracuda SSL VPN Appliance
- Authenticating on Barracuda SSL VPN Using Advanced Authentication
- Configuring Integration with Citrix NetScaler
- Configuring the Advanced Authentication RADIUS Server
- Configuring the Citrix NetScaler Appliance
- Authenticating on the Citrix NetScaler Using Advanced Authentication
- Configuring Integration With Dell SonicWall SRA EX-Virtual Appliance
- Configuring the Advanced Authentication RADIUS Server
- Configuring the Dell SonicWall SRA Appliance
- Authenticating on Dell SonicWall Workspace Using Advanced Authentication
- Configuring Integration with FortiGate
- Configuring the Advanced Authentication RADIUS Server
- Configuring the FortiGate Appliance
- Authenticating on FortiGate Using Advanced Authentication
- Configuring Integration with OpenVPN
- Configuring the Advanced Authentication RADIUS Server
- Configuring the OpenVPN Appliance
- Configuring Integration with Palo Alto GlobalProtect Gateway
- Adding the RADIUS Server
- Adding an Authentication Profile
- Configuring GlobalProtect Gateway
- Configuring Integration with Salesforce
- Configuring the Advanced Authentication SAML 2.0 Event
- Configuring to Authenticate on Salesforce with SAML 2.0
- Obtaining the Signing Certificate of Advanced Authentication
- Configuring the Salesforce Domain Name
- Configuring the SAML Provider
- Verifying Single Sign-On to Salesforce
- Configuring Integration with ADFS
- Configuring the Advanced Authentication SAML 2.0 Event
- Making the Corresponding Changes in ADFS
- Configuring Integration with Google G Suite
- Obtaining the Signing Certificate of Advanced Authentication
- Configuring Google G Suite
- Configuring the Advanced Authentication Event
- Configuring to Authenticate on Google G-Suite with SAML 2.0
- Verifying Single Sign-on to Google Suite
- Configuring Integration with Citrix StoreFront
- Exporting the Token Signing Certificate from ADFS
- Configuring the Authentication Methods on Citrix StoreFront
- Creating the Relying Party Trust on ADFS
- Configuring the SAML 2.0 Event on Advanced Authentication
- Creating the Claims Party Trust on ADFS
- Configuring Integration with Office 365
- Configuring Advanced Authentication SAML 2.0 Event
- Making the Corresponding Changes in ADFS
- Authenticating on Office 365
- Configuring Integration with Sentinel
- Configuring the CEF Log Forward Policy on Advanced Authentication
- Searching the Events on Sentinel
- Configuring Integration with Office 365 without Using ADFS
- Configuring the Advanced Authentication SAML 2.0 Event
- Configuring the Identity Provider URL
- Obtaining the Signing Certificate of Advanced Authentication
- Enabling Single Sign-On to Office 365
- Enabling Directory Synchronization in Office 365
- Federating the Custom Domain using Advanced Authentication
- Verifying Single Sign-On to Office 365
- Configuring Integration with Cisco AnyConnect
- Configuring the Advanced Authentication RADIUS Server
- Enabling the Connection Profile in Cisco ASA
- Creating a Group Policy in Cisco ASA
- Adding a RADIUS Token Server in Cisco ISE
- Configuring Policy Sets in Cisco ISE
- Authenticating to Cisco AnyConnect Using Advanced Authentication
- Configuring Integration with GitLab
- Configuring GitLab for Advanced Authentication
- Creating the Relying Party Trust on ADFS
- Creating the Claims Party Trust on ADFS
- Configuring the SAML 2.0 Event on Advanced Authentication
- Configuring Integration with Filr
- Configuring Integration with DUO Authentication Proxy
- Configuring the Advanced Authentication RADIUS Client
- Configuring the DUO Authentication Proxy
- Configuring Integration with ArcSight
- Configuring ArcSight
- Configuring the SAML 2.0 Event on Advanced Authentication
- Authenticating on ArcSight with SAML 2.0
- Configuring Integration with Azure
- Configuring Advanced Authentication SAML 2.0 Event
- Configuring ADFS
- Authenticating on Azure
- Configuring Integration with Amazon Web Services Single Sign-On
- Downloading the SAML Metadata of Advanced Authentication
- Setting-up AWS Single Sign-On
- Configuring a SAML 2.0 Event on Advanced Authentication
- Verifying the Integration
- Maintaining Advanced Authentication
- Logging
- Syslog
- RADIUS Logs
- Async Logs
- Web Server Logs
- Replication Logs
- Superuser Logs
- Background Tasks Logs
- Long Tasks Logs
- Long Scheduler Logs
- NGINX Errors Logs
- WebAuth Logs
- Fingerprint Logs
- Risk Service Logs
- Disaster Recovery
- Restoring a Cluster
- Creating a Backup
- Exporting the Database
- Recovering by Restoring the Backup
- Prerequisite for Restoring
- Importing the Database
- Re Adding the LDAP Servers on All the DB Master(s)
- Rejoining the Cluster
- Database Server is Down
- Web Server is Down
- Database Master is Down
- Site is Down
- Register a New Site on the Global Master Server
- Database Master Server Restore
- Reporting
- Searching a Card Holder’s Information
- Troubleshooting
- Administration Portal Is Accessible Without Any Authentication
- Error During the Deployment of ISO File and Installation in the Graphic Mode
- Partition Disks to Avoid Removal of Data
- The ON/OFF Switch Is Broken If the Screen Resolution Is 110%
- Error When Performing an Update
- Error While Logging In to Citrix StoreFront Again
- Users Can Login Using the Old Password
- Command Line Scripts to Re-initiate Replication and Resolve Conflicts
- Rereplicate
- Drop Triggers
- Purge
- Copy DB
- Troubleshooting the Outgoing Batches
- Issue with Authenticating on Office 365
- Error while Downloading Logs Package
- Error While Configuring SMS OTP Method
- Configuring the Log Rotation in Docker Before Deploying the Advanced Authentication Server
- Error While Logging In to Salesforce
- Analyzing Performance Issue Using the Profiling Tool
- Validating JSON Syntax in SLAnalyzer
- Push Messages Does Not Appear in Smartphone
- Insufficient Allocated Disk Space
- Clearing the Log Files
- Expanding the Root Partition
- Issue with Cluster Synchronization
- Users with very large userGroups attributes are being rejected by the NGINX reverse proxy
- General Best Practices
- Recommendations to Prevent Phishing Attacks
- Legal Notice