In the SecureAuth IdP Web Admin, new realms can be created by duplicating an existing realm's configurations to be modified as needed, or by utilizing a Wizard Template.
Creating a new realm from an existing realm simply takes all of the realm's settings configured in the Web Admin and generates a copy. Once the copy is made, the administrator can modify any configurations to suit the new realm's purpose.
This option is ideal for realms using the same directory integrations, proxy settings, and other third-party product implementations to ensure consistency and to avoid unnecessary manual entry.
The Template takes the administrator through an application integration, starting with the target resource (application), and onto the directory integration, protocol values (SAML, WS-Federation, etc.), and workflow options (Multi-Factor Authentication requirements and methods).
This is a base realm configuration; and to enable other features of SecureAuth IdP, or to customize the realm further, additional configuration within the realm is required.
Click Create Realms in the top menu, and Create New From Existing to create a new realm by copying the configurations of another realm
1. Select the SecureAuth IdP realm that contains the necessary configurations from the Select Realm to Copy dropdown
2. Click Add New Realm
3. A new realm will be created, and by clicking on the new realm on the Home Page, modifications can be made
Click Create Realms in the top menu, and Create New From Template to create and configure a new realm with the SecureAuth IdP Web Admin Wizard
1. Select an application from the provided list to establish the target resource of the new realm
For this example, Google Apps is selected
2. Provide a Page Title/Header, e.g. Google Apps
This will appear in the Web Admin and on the end-user login pages
3. Select Create New from the Data Source dropdown if the Active Directory integration to be used for Google Apps has not been configured in another realm; or select the SecureAuth IdP realm that has the required configurations from the Data Source dropdown
If a SecureAuth IdP realm is selected, the other fields will auto-populate with the appropriate values
4. Provide the Active Directory Domain
5. Provide the username of the SecureAuth IdP data store service account in the Service Account Login field
A service account with read access is required to extract information for authentication and assertion, and (optional) write access is required to alter or add information to the data store from SecureAuth IdP (e.g. password update, provisioned devices, knowledge-based questions)
6. Provide the password that is associated to the above username in the Service Account Password field
7. In the Start Location dropdown, select At Service Provider if the end-user will initiate the login process at Google Apps; select At SecureAuth if the end-user will initiate the login process at the SecureAuth IdP realm
8. Provide the Service Provider Start URL, which would be a vanity URL such as https://mail.google.com/a/company.com
9. Provide the RelayState if At SecureAuth was selected in step 7
This is the same as the SAML Target URL in the Web Admin realm configuration
10. Select how SecureAuth IdP will map to the directory user account from the SAML ID (NameID) Mapping dropdown
11. Select Enabled from the Two-factor Authentication dropdown to enable a Multi-Factor Authentication workflow for this realm
12. Select the type of persistent token that will be accepted and / or generated in this realm from the Two Factor Persistence dropdown
13. Check the boxes to enable SecureAuth IdP Properties that map to directory Fields (configured in the Data tab) to be used for Multi-Factor Authentication
For example, checking Phone 2 enables Voice, SMS / Text, or both OTP delivery to the phone number mapped to Phone 2
14. Select Enabled from the Password Validation dropdown to require a password in addition to the username and second factor
15. Select On Separate/Last Page from the Password Location dropdown to enable a Standard Authentication Mode workflow (username + second factor + password)
Select On first page to have the username and password prompts on the first page, and then the Multi-Factor Authentication process will follow
16. Click Next to review the configurations and from there, Submit the settings to create the realm
More configurations and settings may be required in addition to these Wizard steps