Part I: Web Admin introduction

The Admin realm, SecureAuth0, is the main realm on SecureAuth IdP Web Admin; it's the realm that manages the SecureAuth IdP server, and the realm which enables Multi-Factor Authentication for end-users. SecureAuth recommends configuring the Admin realm first to ensure the security of the appliance and the realms contained on it.

All other realms you configure on the SecureAuth IdP Web Admin user interface usually result in the creation of a workflow page presented to end-users for entering credentials and authenticating to access a protected resource. Each realm contains an integrated user directory; one or more selected Multi-Factor Authentication methods; login requirements and structure; post-authentication destination; logging options; as well as other necessary features or integrated components such as SMTP, proxy server, SCEP, Cloud Services, etc.

Select an option on the top menu toolbar to work with realms on the Web Admin:

SecureAuth recommends configuring this realm first since SecureAuth0 is the main SecureAuth IdP Web Admin realm.

Follow instructions in Part II: Configure the Admin realm (SecureAuth0) to secure the Web Admin, enable remote access, and control access to the Web Admin.

You can modify the App Enrollment realm which enables users to enroll and provision devices / browsers for OATH OTPs and Mobile Login Requests (PUSH Notifications).

Refer to Multi-Factor App Enrollment (URL) realm configuration for more information.

Access Web Config settings and update or decrypt the web config files for realms.

See Decrypting / encrypting realms in Work with SecureAuth IdP realms for more information.

See How to create a realm in Work with SecureAuth IdP realms for more information.

You access a realm from the home page by clicking the realm title (e.g. IP Reputation). Once you open the realm, you can modify it. See Work with SecureAuth IdP realms.

If you can't find the realm you want to modify, you can use the Search box at the upper right of the page to search by:

Or you can click a specific page number below the search box to go to that page and view the list of realms on that page.

From any realm on the Web Admin, return to the home page by clicking the SecureAuth logo at the top left of the page.

Use the Overview tab to design the appearance of the workflow page to be presented to end-users, to enable languages to be viewed on that page, and to configure general SMTP email settings to be used for any SecureAuth IdP email messages (2-Factor Authentication, Account Updates, etc.).

See Overview Tab configuration.

Use the Data tab for directory integration and user account mapping.

SecureAuth IdP requires an on-premises data store with which it can integrate to extract information for authentication and assertion purposes, and to which it can write updated user information – example: passwords, phone numbers, knowledge-based questions, etc.

In the Profile Fields section, map Fields from the data store to SecureAuth IdP Properties to exchange user information without storing anything on SecureAuth IdP.

To configure the Data tab, refer to Data Tab Configuration.

Use the Workflow tab to dictate how end-users will access the target resource, including the authentication mode (standard workflow, username / password only, persistent token only, etc.), and token / cookie / fingerprint settings, for example.

This tab also includes settings for Social IDs (Facebook, Google, LinkedIn, and Windows Live) for Multi-Factor Authentication.

To configure the Workflow tab, refer to Workflow configuration.

Use the Adaptive Authentication tab for configuring SecureAuth IdP to implement the appropriate action for handling an end-user's authentication request, based on a real-time analysis of the authentication attempt.

Adaptive Authentication features include: IP/Country blacklisting and whitelisting, IP Reputation and Threat Data analysis, User and/or Group membership, Geo-velocity analysis, and User Risk analysis.

To customize these features on the Adaptive Authentication tab, refer to Adaptive Authentication configuration.

Use the Multi-Factor Methods tab to configure and enable the various Multi-Factor Authentication methods end-users can select and use during the login process, if these methods are registered in their accounts.

To configure the Multi-Factor Methods tab, refer to Multi-Factor Methods configuration.

Use the Post Authentication tab to define the realm's target resource. The fields and objects that appear on this tab are based on the selection made from the Authenticated User Redirect dropdown. For example, selecting SAML 2.0 (IdP Initiated) Assertion Page will show only the settings required for that type of target page.

You can specify an out-of-the-box Identity Management (IdM) tool as a target page by selecting the option for Self-service Password Reset, Account Update, User Creation, or Reporting, and then customizing that page. Additionally, you can create target pages for applications that use SAML, or applications that use WS-Federation or OAuth 2.0. You can also create post-authentication requests for certificates or enrollment.

To configure the Post Authentication tab, refer to Post Authentication configuration as a starting point, and then consult the appropriate guides for the configuration type, such as Integration Guides, IdM Tools Configuration Guides, or Certificate Delivery.

Use the API tab to enable SecureAuth IdP's APIs for use on the realm. Such APIs can then be called to perform Authentication and/or Identity Management functions on a custom application.

The Application ID and Application Key on this tab can readily be copied and pasted in another application.

To configure the API tab, refer to API configuration.

Use the Logs tab to enable and review Audit, Debug, Error, and Certificate Logs for the realm.

You can review all authentication events and can search error logs to fix issues end-users may be experiencing during the login process.

To configure the Logs tab, refer to Logs Tab Configuration.

Use the System Info tab to review configuration settings that may need modification, such as proxy or SCEP.

Find information about the appliance such as licensing information, certificate settings, and web.config backup files.

To configure the System Info tab, refer to System Info configuration.