Introduction

Review this document to prepare your SecureAuth IdP appliance(s) for deployment in your environment.

Contact the SecureAuth Project Management Office when you are ready to discuss details on deploying your SecureAuth IdP appliance(s).

Project Management Office:



Prerequisites

  1. Order the SecureAuth IdP appliance (virtual or hardware).
  2. Receive the shipment notification email from SecureAuth.
  3. Acquire the appliance:
    1. If virtual, download the virtual appliance image.
    2. If hardware, receive the hardware appliance.
  4. Apply the latest Microsoft patches for the environment where the SecureAuth Open Virtualization Appliance (OVA) is installed, including:

    • latest .NET patches
    • any patches for the Microsoft Server version: 2012R2, 2016, 2019, etc.



Prepare for the pre-deployment meeting

The keys to a successful deployment are thorough planning and preparation of the network environment where the appliance will live, completed before the installation begins, and a good understanding of the functions the appliance is expected to perform. Your Sales Engineer (SE) will assist with this process during a pre-deployment meeting, working with you to define the intended functionality of the appliance, prepare the environment, and decide on initial settings.

Topics you should be prepared to discuss during the pre-deployment meeting are listed below.

Scope

What do you want the SecureAuth IdP appliance to do? SecureAuth IdP can perform multiple functions. Talk through the project with your SE to establish your goals for the appliance. Knowing what you expect the appliance to do will inform all the next steps and decide which further questions need to be answered.

What types of realms do you need? At a high level, each realm can provide one of three functions:

  • Multi-Factor Authentication
  • Single Sign-on (to both internal and external applications)
  • Identity Management and User Self-service

Integration

What database will the appliance connect to? SecureAuth IdP does not maintain its own database; instead, it connects to your existing company database in order to maintain the security of members' personally identifiable information (PII). The appliance can connect to nearly any LDAP or SQL-based database out of the box (Active Directory is by far the most common). If needed, the Custom Development team can often write connectors to databases that are not natively supported.

Where on your network will the appliance live? The location is always driven by the customer's network topology and security policies; the appliance is highly flexible in this regard. The primary concern here is understanding how communications between SecureAuth and the user database, the device or application, and the client systems will work.

How many and what kind of firewalls exist on your network? SecureAuth IdP requires certain ports to be opened between the appliance and the network in order to function.

  • The Network communication requirements for SecureAuth IdP page lists each port that must be opened on each firewall that stands between the appliance and the network.
  • If your network contains anything else that may break the connection (such as a proxy), discuss this with your SE.

Will this appliance be joined to an Active Directory domain? Read the document Domain membership and SecureAuth IdP if you are considering joining the appliance to a domain.

  • SecureAuth's recommendation is no, unless explicitly required.

Do you need reporting / logging capability? If so, then you will need to ensure that the appliance can talk to your reporting database.

Technology owners / points of contact

Who will install and power up the appliance?

Who will connect the appliance to the network?

Who will run and maintain the appliance once deployed?

In many cases there are different teams responsible for these phases of deployment. Knowing this ahead of time greatly helps the SE facilitate useful communication among all parties.



Requirements before deploying

The items listed below need to be completed before beginning your installation.

Requirement

Description

Network Diagram

If possible, bring a copy of your company's network document to the pre-deployment meeting. This will help the SE gain a clearer understanding of how the appliance is going to fit into your network.

Database Information

Consult with your IT or Database team and request configuration and connection details for the company's database. Bring this information with you to the pre-deployment meeting.

Determine Network Details

Before or during the pre-deployment meeting, you need to make several decisions regarding how you will add the appliance to the network, including:

  • IP Address
    • Static IP vs. DHCP dynamic allocation
    • Subnet placement
  • DNS resolution
  • NTP source

Configure Firewall(s)

Before continuing, open the required ports on every firewall that stands between the appliance and the network, including the Windows Advanced Firewall and any additional corporate firewalls.

If you require ICMP or additional ports and protocols for your environment, please work with your SE to properly complete the setup.

See Network communication requirements for SecureAuth IdP for the list of each port that must be opened on every firewall that stands between the appliance and the network.
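
Once the network details are decided and the firewalls are configured, the result can be checked from the appliance itself. The PowerShell script below is an added example, not part of the SecureAuth documentation; it separates DNS failures from blocked ports and checks the NTP source. Every host name and port in it is a constructed placeholder; the real port list is on the Network communication requirements for SecureAuth IdP page.

```powershell
# Pre-flight connectivity check, run from the appliance (added example).
# All servers and ports are constructed placeholders: replace them with the
# entries from the "Network communication requirements for SecureAuth IdP" page.
$Targets = @(
    @{ Name = 'Directory (LDAPS)';  Server = 'dc01.corp.example';  Port = 636  },
    @{ Name = 'Reporting database'; Server = 'sql01.corp.example'; Port = 1433 }
)
$NtpSource = 'ntp.corp.example'   # placeholder NTP source

$results = foreach ($t in $Targets) {
    # Resolve the name first: a lookup failure is a DNS problem, not a firewall one.
    $resolved = $false
    try {
        $null = Resolve-DnsName -Name $t.Server -ErrorAction Stop
        $resolved = $true
    } catch { }

    # Only attempt the TCP handshake when the name resolved.
    $tcpOpen = $false
    if ($resolved) {
        $probe = Test-NetConnection -ComputerName $t.Server -Port $t.Port `
                     -WarningAction SilentlyContinue
        $tcpOpen = [bool]$probe.TcpTestSucceeded
    }

    [pscustomobject]@{
        Check   = $t.Name
        Target  = '{0}:{1}' -f $t.Server, $t.Port
        Dns     = $resolved
        TcpOpen = $tcpOpen
    }
}

# NTP runs over UDP 123, which Test-NetConnection cannot probe, so ask w32tm for
# one sample. On English-language systems a failed sample contains the word "error".
$ntpOut = w32tm /stripchart /computer:$NtpSource /samples:1 /dataonly 2>&1
$ntpOk  = -not ($ntpOut -match 'error')

$results | Format-Table -AutoSize
'NTP source {0} reachable: {1}' -f $NtpSource, $ntpOk

# A non-zero exit code lets a deployment runbook or scheduled task flag the gap.
$failed = @($results | Where-Object { -not ($_.Dns -and $_.TcpOpen) })
if ($failed.Count -gt 0 -or -not $ntpOk) { exit 1 }
```

A row with Dns true and TcpOpen false points at a firewall or proxy between the appliance and that server, which is the case to raise with your SE.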

What's next

When you have completed all steps on this page, proceed to Part II: Installation and setup.