Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
borderColor#444443
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#444443
borderStylesolid
titlePrerequisites

...

Panel
borderColor#135570
titleColorwhite
borderWidth1
titleBGColor#135570
titleTop Menu
Panel
borderColor#116490
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleAdmin Realm
Section
Column
width50%

Column

 

Access the Admin Realm (SecureAuth0) from the Home Page in the top menu

This realm is for the SecureAuth IdP Web Admin, and SecureAuth recommends that it is configured first to ensure the safety of the Web Admin

Follow the Web Admin Part II - Admin Realm Configuration Guide to secure the Web Admin, enable external access, and to control access

UI Text Box
typeinfo

Configure the Admin Realm first to ensure secure remote access

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleSpecialized Realms
Section
Column
width50%

Column
width50%

 

Click Specialized Realms in the top menu, and App Enrollment to view and / or modify the pre-configured realm that enables users to enroll and provision devices / browsers for OATH OTPs and Mobile Login Requests (PUSH Notifications)

Refer to Multi-Factor App Enrollment (URL) Realm Configuration Guide (version 9.1 and 9.2) for more information

Panel
borderColor#116490
titleColorwhite
borderWidth1
titleBGColor#116490
titleTools
Section
Column
width50%

Column
width50%

 

Use the Tools menu to access Web Config settings and update or decrypt the web config files for realms

See SecureAuth IdP Realm Guide - Encrypting and Decrypting Realms for more information

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleCreate Realms
Section
Column
width50%

Column

 

Click Create Realms in the top menu, and Create New From Template to create and configure a new realm with the SecureAuth IdP Web Admin Wizard

Expand
titleCreate New Realm From Template Configuration Steps
Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleApps
Section
Column
width50%

Column

 

1. Select an application from the provided list to establish the target resource of the new realm

For this example, Google Apps is selected

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleStep 1. General
Section
Column
width50%

Column

 

2. Provide a Page Title/Header, e.g. Google Apps

This will appear in the Web Admin and on the end-user login pages

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleStep 2. Active Directory
Section
Column
width50%

Column
width50%

3. Select Create New from the Data Source dropdown if the Active Directory integration to be used for Google Apps has not been configured in another realm; or select the SecureAuth IdP realm that has the required configurations from the Data source dropdown

If a SecureAuth IdP realm is selected, the other fields will auto-populate with the appropriate values

4. Provide the Active Directory Domain

5. Provide the username of the SecureAuth IdP data store service account in the Service Account Login field

A service account with read access is required to extract information for authentication and assertion, and (optional) write access is required to alter or add information to the data store from SecureAuth IdP (e.g. password update, provisioned devices, knowledge-based questions)

6. Provide the password that is associated to the above username in the Service Account Password field

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleStep 3. SAML
Section
Column
width50%

Column
width50%

7. In the Start Location dropdown, select At Service Provider if the end-user will initiate the login process at Google Apps; or select At SecureAuth if the end-user will initiate the login process at the SecureAuth IdP realm

8. Provide the Service Provider Start URL, which would be a vanity URL, such as https://mail.google.com/a/company.com

9. Provide the RelayState if At SecureAuth was selected in step 7

This is the same as the SAML Target URL in the Web Admin realm configuration

10. Select how SecureAuth IdP will map to the directory user account from the SAML ID (NameID) Mapping dropdown

Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleStep 4. Workflow
Section
Column
width50%

Column

 

11. Select Enabled from the Two-factor Authentication dropdown to enable a 2-Factor Authentication workflow for this realm

12. Select the type of persistent token that will be accepted and / or generated in this realm from the Two Factor Persistence dropdown

13. Check the boxes to enable SecureAuth IdP Properties that map to directory Fields (configured in the Data tab) to be used for 2-Factor Authentication

For example, checking Phone 2 enables Voice, SMS / Text, or both OTP delivery to the phone number mapped to Phone 2

14. Select Enabled from the Password Validation dropdown to require a password in addition to the username and second factor

15. Select On Separate/Last Page from the Password Location dropdown to enable a Standard Authentication Mode workflow (username + second factor + password)

Select On first page to have the username and password prompts on the first page, and then the 2-Factor Authentication process will follow

16. Click Next to review the configurations, then click Confirm to create the realm

UI Text Box
typeinfo

 More configurations and settings may be required in addition to these Wizard steps

Section

Anchor
createnew
createnew

Column
width50%

Column

 

Click Create Realms in the top menu, and Create New From Existing to create a new realm by copying the configurations of another realm

Expand
titleCreate New From Existing Configuration Steps
Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titleCreate New From Existing
Section
Column
width50%

Column

 

1. Select the SecureAuth IdP realm that contains the necessary configurations from the Select Realm to Copy dropdown

2. Click Add New Realm

3. A new realm will be created, and by clicking on the new realm on the Home Page, modifications can be made

...

Panel
borderColor#008388
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#008388
borderStylesolid
titleWhat's Next

Move on to the Web Admin Part II - Admin Realm Configuration Guide to configure the Admin realm

For further information

Support options

Web: https://support.secureauth.com
Phone: 949-777-6959 option 2
Support Documentation Searchable Database: https://docs.secureauth.com
SecureAuth Services Status and Notification Service: https://www.secureauth.com/Support/Current-Service-Status-and-Alerts.aspx