Skip to main content

Part I: Web Admin introduction

Introduction

The Web Admin console is a browser-based tool used for configuring and managing the SecureAuth IdP application installed on an appliance or hosted in the cloud.

Review this document to become familiar with the SecureAuth IdP Web Admin and to navigate the user interface. On SecureAuth IdP version 9.3 and later, you can use the Classic Experience user interface to configure the entire user interface. Or you can use the New Experience user interface to configure an Active Directory or SQL Server data store integration, and integrate applications such as Salesforce or Office 365.

On the Classic Experience user interface, you use the Web Admin to work with realms – configured workflows used in the authentication process.

On the New Experience user interface, you use the Web Admin to create directory integrations as objects that can be associated with applications added on the Web Admin (see New Experience and Classic Experience Web Admin).

This document provides information about working with the Classic Experience user interface.

Prerequisites

Start the Web Admin

After successfully installing the SecureAuth IdP appliance, log on the server, start your web browser and click the provided bookmark (SecureAuth Admin) to go to the Web Admin home page.

From the Web Admin home page, you can create a realm, search for a realm you created and then edit it, or use tools to work with realms.

About realms

The Admin realm, SecureAuth0, is the main realm on SecureAuth IdP Web Admin; it's the realm that manages the SecureAuth IdP server, and the realm which enables Multi-Factor Authentication for end-users. SecureAuth recommends configuring the Admin realm first to ensure the security of the appliance and the realms contained on it.

All other realms you configure on the SecureAuth IdP Web Admin user interface usually result in the creation of a workflow page presented to end-users for entering credentials and authenticating to access a protected resource. Each realm contains an integrated user directory; one or more selected Multi-Factor Authentication methods; login requirements and structure; post-authentication destination; logging options; as well as other necessary features or integrated components such as SMTP, proxy server, SCEP, Cloud Services, etc.

About Web Admin realm tabs

Overview tab

Use the Overview tab to design the appearance of the workflow page to be presented to end-users, to enable languages to be viewed on that page, and to configure general SMTP email settings to be used for any SecureAuth IdP email messages (2-Factor Authentication, Account Updates, etc.).

See Overview Tab configuration.

47230274.png

Data tab

Use the Data tab for directory integration and user account mapping.

SecureAuth IdP requires an on-premises data store with which it can integrate to extract information for authentication and assertion purposes, and to which it can write updated user information – example: passwords, phone numbers, knowledge-based questions, etc.

In the Profile Fields section, map Fields from the data store to SecureAuth IdP Properties to exchange user information without storing anything on SecureAuth IdP.

To configure the Data tab, refer to Data Tab Configuration.

47243684.png

Workflow tab

Use the Workflow tab to dictate how end-users will access the target resource, including the authentication mode (standard workflow, username / password only, persistent token only, etc.), and token / cookie / fingerprint settings, for example.

This tab also includes settings for Social IDs (Facebook, Google, LinkedIn, and Windows Live) for Multi-Factor Authentication.

To configure the Workflow tab, refer to Workflow configuration.

47230272.png

Adaptive Authentication tab

Use the Adaptive Authentication tab for configuring SecureAuth IdP to implement the appropriate action for handling an end-user's authentication request, based on a real-time analysis of the authentication attempt.

Adaptive Authentication features include: IP/Country blacklisting and whitelisting, IP Reputation and Threat Data analysis, User and/or Group membership, Geo-velocity analysis, and User Risk analysis.

To customize these features on the Adaptive Authentication tab, refer to Adaptive Authentication configuration.

47243686.png

Multi-Factor Methods tab

Use the Multi-Factor Methods tab to configure and enable the various Multi-Factor Authentication methods end-users can select and use during the login process, if these methods are registered in their accounts.

To configure the Multi-Factor Methods tab, refer to Multi-Factor Methods configuration.

Multi-FactorMethods.png

Post Authentication tab

Use the Post Authentication tab to define the realm's target resource. The fields and objects that appear on this tab are based on the selection made from the Authenticated User Redirect dropdown. For example, selecting SAML 2.0 (IdP Initiated) Assertion Page will show only the settings required for that type of target page.

You can specify an out-of-the-box Identity Management (IdM) tool as a target page by selecting the option for Self-service Password Reset, Account Update, User Creation, or Reporting, and then customizing that page. Additionally, you can create target pages for applications that use SAML, or applications that use WS-Federation or OAuth 2.0. You can also create post-authentication requests for certificates or enrollment.

To configure the Post Authentication tab, refer to Post Authentication configuration as a starting point, and then consult the appropriate guides for the configuration type, such as Integration Guides, IdM Tools Configuration Guides, or Certificate Delivery.

47230270.png

API tab

Use the API tab to enable SecureAuth IdP's APIs for use on the realm. Such APIs can then be called to perform Authentication and/or Identity Management functions on a custom application.

The Application ID and Application Key on this tab can readily be copied and pasted in another application.

To configure the API tab, refer to API configuration.

47243683.png

Logs tab

Use the Logs tab to enable and review Audit, Debug, Error, and Certificate Logs for the realm.

You can review all authentication events and can search error logs to fix issues end-users may be experiencing during the login process.

To configure the Logs tab, refer to Logs Tab Configuration.

47243685.png

System Info tab

Use the System Info tab to review configuration settings that may need modification, such as proxy or SCEP.

Find information about the appliance such as licensing information, certificate settings, and web.config backup files.

To configure the System Info tab, refer to System Info configuration.

47243688.png

What's next

Move on to the Part II: Configure the Admin realm (SecureAuth0) to configure the Admin realm.

Additional information

  • Learn more about realms in Work with SecureAuth IdP realms.

  • See Third-Party Integration & Configuration Guides for specific configuration and integration guides. Additional methods of support are listed below.

Support options