Cloud: Getting started

The SecureAuth® Identity Platform features a simplified user interface to help administrators install and configure the security environment that is right for teams in their organization. The following administrator workflow is for organizations starting a SecureAuth cloud deployment.

Administrator workflow

Administrators can use the following workflow to set up the Identity Platform. The workflow gives context and descriptions for the tasks to be performed, and provides links to topics that describe prerequisites, detailed steps, or detailed use cases and scenarios to help you understand each piece of the workflow and how the pieces fit together.

Before you begin

You will work with a SecureAuth Project Manager to determine your organization's needs, based on your chosen SecureAuth package. Some considerations include the MFA methods your teams will use, how single sign-on will work for applications, the levels of identity management to be set, and the kind of end user self-service experience you want for your teams.

To simplify the setup, the Identity Platform user interface (UI) contains onscreen assistance to guide you to achieve your goals. Examples of onscreen assistance are delineated with red arrows in the following image.

onscreen_assistance.png

Deploy the Identity Platform

After you and your Project Manager have completed detailed discussions about your organization's security needs, you are ready to begin deploying the Identity Platform. Your Project Manager will gather a contact email so that a temporary admin account can be set up for you.

Tip

Use the following steps as a checklist to be completed. Each step contains links connecting you to more detailed steps. To keep this document open and at the correct step, open links in a new tab: click the mouse wheel over the link (Windows) or press Control and click the mouse button over the link (Mac).

  1. You will receive an email with a unique username and password specific to your organization. Follow the instructions to log into the Identity Platform with your unique credentials. After logging in, check the email associated with the admin account. Obtain the configuration passcode from that email and use it to authenticate.

    These credentials give you temporary access to the Identity Platform to complete some key setup steps. You will work with a Project Manager in a later step to configure permanent administrator access.

    After logging in, you will see the Identity Platform homepage. The intelligence dashboard provides real-time visibility into key metrics of your system. When you log in for the first time, your dashboard might not show any data until data transactions move through the system.

    dashboard_2307.png
  2. Download and install the SecureAuth Connector on your Windows data store server.

    You must first install and set up an on-prem SecureAuth Connector to establish communication between the Identity Platform and your data store.

    See Data Stores for a discussion and prerequisites. See Install the SecureAuth Connector for prerequisites and steps.

  3. Set up and manage user identity information by adding a data store to the Identity Platform. The SecureAuth Connector communicates with the data store and the Identity Platform to ensure that users logging into an application have access.

    See an overview of Data store integrations to select the appropriate data store (Active Directory, Microsoft SQL Server, Microsoft Entra ID, Oracle Database, Generic LDAP connections, NetIQ eDirectory) and to follow steps to integrate the data store with the Identity Platform.

    Optional: Manage data store integration settings and mapped properties. You might edit data stores, for example if you need to change the name of your data store.

  4. Configure permanent administrator access to the Identity Platform.

    Your Project Manager will assist you during this process.

  5. Set up the global Multi-factor Authentication (MFA) methods available for you to provision and globally define for your organization.

    1. Log into the Identity Platform using the credentials you set in step 4 and the second factor you set up with the Project Manager.

    2. In the Identity Platform, click Multi-Factor Methods on the left side of the page.

    3. Under Method configuration, edit a method by clicking the pencil icon on the right side of the page.

      See Global multi-factor authentication (MFA) methods overview.

  6. Configure the Policies to be used for your organization. Policies consist of authentication rules, which you can define to authenticate users to and block users from certain applications. SecureAuth recommends using the default policy for a general level of authentication security for your organization. The default policy applies to most of your authentications. If you require different levels of authentication security, you can customize the default policy or add a new policy.

    See How policy rules are used to learn about the default policy rules, such as User, Threat Service, etc. See Manage policies to create a policy and define its rules.

  7. Add and manage applications for your organization by clicking Application Manager on the left side of the page. Use the Application Manager to add an application, such as Salesforce, Microsoft Office 365, and many more, and set security for the application.

    See Application Manager to add and set up applications.

  8. If you want to see what end users will need to set up to use MFA for logging in, see the SecureAuth Onboarding Toolkit.

    This downloadable toolkit includes email templates and end-user experience setup steps for you to customize to prepare your end users for the changeover to 2FA.

End user workflow

End users can use the MFA methods that you have enrolled them in to log in with a desktop or mobile app.

Before logging in, end users must define answers to security questions, set up a YubiKey device, register a phone number to receive a call or text to obtain passcodes, or set up other MFA methods that allow them to log in. They can follow instructions customized by the administrator and sent to them in email.