Introduction

The Web Admin console is a browser-based tool used for configuring and managing the SecureAuth IdP application installed on an appliance or hosted in the cloud.

Review this document to become familiar with the SecureAuth IdP Web Admin and to navigate the user interface. On SecureAuth IdP version 9.3 and later, you can use the Classic Experience user interface to configure the entire user interface, or you can use the New Experience user interface to configure an Active Directory or SQL Server data store integration and to integrate applications such as Salesforce or Office 365.

On the Classic Experience user interface, you use the Web Admin to work with realms – configured workflows used in the authentication process.

On the New Experience user interface, you use the Web Admin to create directory integrations as objects that can be associated with applications added on the Web Admin (see New Experience and Classic Experience Web Admin).

This document provides information about working with the Classic Experience user interface.


Prerequisites

 


Start the Web Admin

After successfully installing the SecureAuth IdP appliance, log on to the server, start your web browser, and click the provided bookmark (SecureAuth Admin) to go to the Web Admin home page.

From the Web Admin home page, you can create a realm, search for a realm you created and then edit it, or use tools to work with realms.

About realms

The Admin realm, SecureAuth0, is the main realm on SecureAuth IdP Web Admin; it's the realm that manages the SecureAuth IdP server, and the realm which enables Multi-Factor Authentication for end-users. SecureAuth recommends configuring the Admin realm first to ensure the security of the appliance and the realms contained on it.

All other realms you configure on the SecureAuth IdP Web Admin user interface usually result in the creation of a workflow page presented to end-users for entering credentials and authenticating to access a protected resource. Each realm contains an integrated user directory; one or more selected Multi-Factor Authentication methods; login requirements and structure; post-authentication destination; logging options; as well as other necessary features or integrated components such as SMTP, proxy server, SCEP, Cloud Services, etc.



Navigate the Web Admin home page

Use options on the top menu toolbar

Select an option on the top menu toolbar to work with realms on the Web Admin:

  • Admin Realm, when clicked, opens the Admin page, SecureAuth0.

SecureAuth recommends configuring this realm first since SecureAuth0 is the main SecureAuth IdP Web Admin realm. 

Follow instructions in Part II: Configure the Admin realm (SecureAuth0) to secure the Web Admin, enable remote access, and control access to the Web Admin.

  • Specialized Realms lets you select the pre-configured App Enrollment realm.

You can modify the App Enrollment realm which enables users to enroll and provision devices / browsers for OATH OTPs and Mobile Login Requests (PUSH Notifications). 

Refer to Multi-Factor App Enrollment (URL) realm configuration for more information.

  • Tools lets you choose the option to either update or decrypt the web.config file.

Access Web Config settings and update or decrypt the web config files for realms.

See Decrypting / encrypting realms in Work with SecureAuth IdP realms for more information.

  • Create Realms lets you create a new realm by either using an existing template or copying an existing realm.

See How to create a realm in Work with SecureAuth IdP realms for more information.

Access a realm

You access a realm from the home page by clicking the realm title (e.g. IP Reputation). Once you open the realm, you can modify it. See Work with SecureAuth IdP realms.

Search for a realm

If you can't find the realm you want to modify, you can use the Search box at the upper right of the page to search by:

  • Realm name – example: SecureAuth53
  • Realm title – example: IP Reputation
  • Realm description – example: Logging

Or you can click a specific page number below the search box to go to that page and view the list of realms on that page.

Return to the Web Admin home page

From any realm on the Web Admin, return to the home page by clicking the SecureAuth logo at the top left of the page.

 


About Web Admin realm tabs

Overview tab

Use the Overview tab to design the appearance of the workflow page to be presented to end-users, to enable languages to be viewed on that page, and to configure general SMTP email settings to be used for any SecureAuth IdP email messages (2-Factor Authentication, Account Updates, etc.).

See Overview Tab Configuration.

Data tab

Use the Data tab for directory integration and user account mapping. 

SecureAuth IdP requires an on-premises data store with which it can integrate to extract information for authentication and assertion purposes, and to which it can write updated user information – example: passwords, phone numbers, knowledge-based questions, etc.

In the Profile Fields section, map Fields from the data store to SecureAuth IdP Properties to exchange user information without storing anything on SecureAuth IdP. 

To configure the Data tab, refer to Data Tab Configuration.

Workflow tab

Use the Workflow tab to dictate how end-users will access the target resource, including the authentication mode (standard workflow, username / password only, persistent token only, etc.), and token / cookie / fingerprint settings, for example.

This tab also includes settings for Social IDs (Facebook, Google, LinkedIn, and Windows Live) for Multi-Factor Authentication.

To configure the Workflow tab, refer to Workflow configuration.

Adaptive Authentication tab

Use the Adaptive Authentication tab for configuring SecureAuth IdP to implement the appropriate action for handling an end-user's authentication request, based on a real-time analysis of the authentication attempt.

Adaptive Authentication features include: IP/Country blacklisting and whitelisting, IP Reputation and Threat Data analysis, User and/or Group membership, Geo-velocity analysis, and User Risk analysis.

To customize these features on the Adaptive Authentication tab, refer to Adaptive Authentication configuration.

Multi-Factor Methods tab

Use the Multi-Factor Methods tab to configure and enable the various Multi-Factor Authentication methods end-users can select and use during the login process, if these methods are registered in their accounts. 

To configure the Multi-Factor Methods tab, refer to Multi-Factor Methods configuration.

Post Authentication tab

Use the Post Authentication tab to define the realm's target resource. The fields and objects that appear on this tab are based on the selection made from the Authenticated User Redirect dropdown. For example, selecting SAML 2.0 (IdP Initiated) Assertion Page will show only the settings required for that type of target page.

You can specify an out-of-the-box Identity Management (IdM) tool as a target page by selecting the option for Self-service Password Reset, Account Update, User Creation, or Reporting, and then customizing that page. Additionally, you can create target pages for applications that use SAML, or applications that use WS-Federation or OAuth 2.0. You can also create post-authentication requests for certificates or enrollment.

To configure the Post Authentication tab, refer to Post Authentication configuration as a starting point, and then consult the appropriate guides for the configuration type, such as Integration Guides, IdM Tools Configuration Guides, or Certificate Delivery.

API tab

Use the API tab to enable SecureAuth IdP's APIs for use on the realm. Such APIs can then be called to perform Authentication and/or Identity Management functions on a custom application.

The Application ID and Application Key on this tab can readily be copied and pasted in another application.

To configure the API tab, refer to API configuration.

Logs tab

Use the Logs tab to enable and review Audit, Debug, Error, and Certificate Logs for the realm.

You can review all authentication events and can search error logs to fix issues end-users may be experiencing during the login process.

To configure the Logs tab, refer to Logs Tab Configuration.

System Info tab

Use the System Info tab to review configuration settings that may need modification, such as proxy or SCEP.

Find information about the appliance such as licensing information, certificate settings, and web.config backup files.

To configure the System Info tab, refer to System Info configuration.

 


What's next

Move on to Part II: Configure the Admin realm (SecureAuth0) to configure the Admin realm.
