Part I: Select the appropriate documentation for your SecureAuth IdP Appliance(s):
Part I Virtual - Install and Power-on Your SecureAuth IdP 8.1 Virtual Appliance: Use these instructions to download the .OVA / .OVF file which contains the SecureAuth virtual appliance disk image. This document contains the procedure for importing your virtual machine into your virtual host server. To save you time, the appliance is configured to use Dynamic Host Configuration Protocol (DHCP) by default to automatically acquire an IP address from the network.
Domain Membership. Avoid adding the SecureAuth appliance to an Active Directory Domain unless required for specific functionality (e.g. Integrated Windows Authentication used for Desktop SSO) or if required by your Enterprise Security Policy. The SecureAuth Appliance is designed to function as a stand-alone appliance or as a domain member. If you plan to join the Appliance to your Active Directory domain, SecureAuth recommends adjusting the local Advanced Firewall rules to complete the process of joining a domain.
Review any Domain GPOs applied to the SecureAuth appliance with your SecureAuth Sales Engineer.
The local Firewall/Windows Advanced firewall is configured to allow specific network communications only. If you require ICMP or additional ports and protocols for your environment, please work with your Sales Engineer or temporarily disable the local firewall to complete the setup.
The final configuration of the Windows Advanced firewall is completed during the installation meeting.
Set/verify NTP Services, the Appliance Clock, and Time Zone settings by completing the Windows Mini Setup Wizard prompts. These settings must be set correctly for your region. Appliance NTP services are set using the SecureAuth Local Firewall configuration script as well. A default Internet-based NTP configuration is completed on the appliance prior to shipment. Problems validating certificates may occur if the clock deviates by more than 5 minutes or an incorrect time zone is set.
For Virtual Appliances Only: If you are deploying a SecureAuth Virtual Appliance, please verify that the NTP configuration, time zone and clock settings are correct on the Host (hypervisor) Server.
Connecting SecureAuth Services to your Enterprise Data Store. SecureAuth uses the existing enterprise data store such as LDAP/AD or a SQL Database.
SecureAuth supports the use of many different Data Stores. For information on other stores, please contact your Sales Engineer or SecureAuth Support.
Define the appropriate User Data Store Connection information.
If using LDAP or AD: Contact your IT department and request LDAP or AD information. Bring this information to the pre-deployment meeting. The LDAP string in the first bullet listed below is required for deployment; it is used to connect to Microsoft Active Directory or another LDAP Directory.
Set the minimal string to the following: LDAP://domain.com/DC=domain,DC=com. This configuration searches from the highest level in your AD hierarchy, using Integrated Active Directory DNS to resolve all DCs in the Active Directory site domain.com.
(Optional) Include a CN or OU in the string above to limit the search to only that specific Directory Container (e.g. LDAP://domain.com/CN=Users,DC=domain,DC=com).
If using SQL: Define the ODBC Connection details (for database integrations). The following connection information is required to connect SecureAuth to your User Database. Please have it available during the scheduled installation.
FQDN or IP Address of your Database Server
TCP (or UDP) port
Check for Service Specific Network Connectivity.
If you have legacy appliances running in your environment, please check the network requirements for the version of SecureAuth IdP or speak to your sales or deployment engineer.
Verify proper DNS resolution is configured and working (Internal and external) from the appliance. Please register the SecureAuth Appliance name in the appropriate DNS lookup zones.
If the installation requires a proxy setup, verify that proxy settings are correctly configured in the Internet Options window.
To access Internet Options, click Start, then type 'Internet Options'.
(If Applicable) Test for connectivity to the Active Directory Domain controller(s) using the LDAP Tool provided on the SecureAuth menu of the SecureAuth Appliance or your preferred LDAP Browser utility. Use this tool to verify LDAP strings, Service Account, password and read/write permissions on specific attributes. If you are not familiar with the Microsoft LDAP (LDP.exe) tool, contact your Sales Engineer for a quick introduction.
(If Applicable) Test for connectivity to the Database Server. Connect to the database server using Telnet [Telnet <IP Address> <Port Number>]. The Telnet feature is not installed by default. Use Add/Remove programs / features to enable the Telnet client.
If you are using SMTP Mail for OTP delivery, test connectivity to your preferred SMTP Server (Exchange or mail relay). Test for port 25 connectivity from the SecureAuth Appliance to the SMTP provider. Mailbox, account and reply-to address are typically required.
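The DNS, LDAP, database and SMTP checks above can also be run from a PowerShell prompt on the appliance without installing the Telnet client. The script below is an added example, not SecureAuth tooling; the server names, LDAP port 389 and SQL port 1433 are placeholder assumptions to replace with the values gathered for the pre-deployment meeting.

```powershell
# Added example: placeholder values below are assumptions, not from the guide
# (except the minimal LDAP string). Replace them before running on the appliance.
$LdapPath = 'LDAP://domain.com/DC=domain,DC=com'
$Targets = @(
    @{ Service = 'LDAP'; Server = 'domain.com';      Port = 389  },  # assumed default LDAP port
    @{ Service = 'SQL';  Server = 'db01.domain.com'; Port = 1433 },  # hypothetical server and port
    @{ Service = 'SMTP'; Server = 'mail.domain.com'; Port = 25   }   # hypothetical relay; port 25 per guide
)

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a filtered port fails after the timeout instead of hanging.
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $Targets) {
    # Check name resolution separately so a DNS problem is not reported as a blocked port.
    $dnsOk = $true
    try { [void][System.Net.Dns]::GetHostAddresses($t.Server) } catch { $dnsOk = $false }
    New-Object PSObject -Property @{
        Service = $t.Service
        Server  = $t.Server
        Port    = $t.Port
        Dns     = $dnsOk
        Tcp     = ($dnsOk -and (Test-TcpPort -Server $t.Server -Port $t.Port))
    }
}
$results | Select-Object Service, Server, Port, Dns, Tcp | Format-Table -AutoSize

# Bind to the search base with the logged-on account; RefreshCache throws if the
# path, credentials or connectivity are wrong.
try {
    $entry = New-Object System.DirectoryServices.DirectoryEntry($LdapPath)
    $entry.psbase.RefreshCache()
    "LDAP bind OK: $LdapPath"
} catch {
    "LDAP bind failed: $($_.Exception.Message)"
}
```

On an appliance that is not domain-joined, pass the Service Account to the DirectoryEntry constructor (path, username, password) instead of relying on the logged-on account.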
Once you have successfully completed these service checks, you are ready to begin a guided installation. If the pre-deployment meeting has not been completed or scheduled, please contact the SecureAuth Project Management Office via email at PMO@Secureauth.com or call +1 (949) 777-6959 and ask for a PMO team member.