
Prerequisites

Before you set up Login for Linux in the SecureAuth® Identity Platform, review the following prerequisites.

Administrator

  • Identity Platform release. Login for Linux is supported on the Identity Platform release 21.04 or later.

  • Port to open. Login for Linux communicates with the Identity Platform on TCP port 443.

  • Personalize the Login for Linux experience. You can customize the Login for Linux experience by setting or changing configuration options in Configure Identity Platform and Login for Endpoints.

  • Load balancer. If you use a load balancer:

    When you use Push-to-Accept, Symbol-to-Accept, or Link-to-Accept MFA methods with Login for Linux, you must enable session persistence ("sticky sessions") on the load balancer to maintain state with the Identity Platform.

    Login for Linux supports cookie-based persistence only.

  • Compatibility. Ensure target end user machines are running supported OS versions listed in the SecureAuth compatibility guide.
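
A preflight check for the port 443 and load balancer persistence prerequisites above, as an added example that is not SecureAuth code. The host name, the persistence cookie name, and the use of `/` as the probe path are assumptions you supply for your own deployment; the cookie name depends on the load balancer product.

```python
# Added example: host, cookie names and probe path "/" are site-specific assumptions.
import http.client
import socket
import sys
from contextlib import closing, suppress
from http.cookies import CookieError, SimpleCookie


def port_443_open(host, timeout=5.0):
    """True if a TCP connection to host:443 can be opened."""
    try:
        socket.create_connection((host, 443), timeout=timeout).close()
    except OSError:
        return False
    return True


def persistence_cookies(set_cookie_headers, names):
    """Map name -> value for Set-Cookie headers whose cookie name is in names."""
    found = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        with suppress(CookieError):  # a malformed header yields no cookie
            jar.load(header)
        found.update({k: m.value for k, m in jar.items() if k in names})
    return found


def is_sticky(first, replay, names):
    """The first response must issue the cookie; a replay must not reassign it."""
    issued = persistence_cookies(first, names)
    reissued = persistence_cookies(replay, names)
    return bool(issued) and all(issued.get(k) == v for k, v in reissued.items())


def get_set_cookie(host, cookie="", timeout=5.0):
    """GET / over TLS (certificate verified by default) and return Set-Cookie headers."""
    with closing(http.client.HTTPSConnection(host, 443, timeout=timeout)) as conn:
        conn.request("GET", "/", headers={"Cookie": cookie} if cookie else {})
        return conn.getresponse().headers.get_all("Set-Cookie") or []


if __name__ == "__main__":
    host, names = sys.argv[1], set(sys.argv[2:])
    if not port_443_open(host):
        sys.exit(f"{host}: TCP 443 unreachable")
    first = get_set_cookie(host)
    pinned = "; ".join(f"{k}={v}" for k, v in persistence_cookies(first, names).items())
    print("sticky" if is_sticky(first, get_set_cookie(host, pinned), names) else "NOT sticky")
```

Run it from a target workstation with the Identity Platform host name followed by the cookie name or names your load balancer uses for persistence.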

Other setup requirements. See the following for other setup requirements.

  • User account and workstation requirements. See the following items:

    • The Active Directory profile for the end user must be accurately configured on the workstation. This is important so that the endpoint can retrieve the AD end user profile during the login process.

    • If an end user is already using a YubiKey device for YubiKey multi-factor authentication on a SecureAuth Identity Platform realm, the OATH seed and associated YubiKey device must be removed from the end user's account to prevent a conflict when the end user attempts to use a YubiKey device for HOTP authentication. (See the steps under "End user multi-factor authentication" in the YubiKey HOTP Device Provisioning and Multi-Factor Authentication Guide to remove the YubiKey device from the user account profile.)

    Note

    If an end user is disabled on Active Directory, the local account will not know the history of the AD account, and the user will not be able to log on to the workstation.