
Creating Realms

In the SecureAuth IdP Web Admin, new realms can be created by duplicating an existing realm's configurations to be modified as needed, or by utilizing a Wizard Template.

Creating a new realm from an existing realm simply takes all of the realm's settings configured in the Web Admin and generates a copy. Once the copy is made, the administrator can modify any configurations to suit the new realm's purpose.

This option is ideal for realms using the same directory integrations, proxy settings, and other third-party product implementations to ensure consistency and to avoid unnecessary manual entry.

The Template takes the administrator through an application integration, starting with the target resource (application), and onto the directory integration, protocol values (SAML, WS-Federation, etc.), and workflow options (2-Factor Authentication requirements and methods).

This is a base realm configuration; to enable other features of SecureAuth IdP, or to customize the realm further, additional configuration within the realm is required.

Create New Realm From Existing Steps

Click Create Realms in the top menu, and Create New From Existing to create a new realm by copying the configurations of another realm

Create Realm From Existing

1. Select the SecureAuth IdP realm that contains the necessary configurations from the Select Realm to Copy dropdown

2. Click Add New Realm

3. A new realm will be created, and by clicking on the new realm on the Home Page, modifications can be made

Create New Realm From Template Steps

Click Create Realms in the top menu, and Create New From Template to create and configure a new realm with the SecureAuth IdP Web Admin Wizard

Apps

1. Select an application from the provided list to establish the target resource of the new realm

For this example, Google Apps is selected

Step 1. General

2. Provide a Page Title/Header, e.g. Google Apps

This will appear in the Web Admin and on the end-user login pages

Step 2. Active Directory

3. Select Create New from the Data Source dropdown if the Active Directory integration to be used for Google Apps has not been configured in another realm; or select the SecureAuth IdP realm that has the required configurations from the Data Source dropdown

If a SecureAuth IdP realm is selected, the other fields will auto-populate with the appropriate values

4. Provide the Active Directory Domain

5. Provide the username of the SecureAuth IdP data store service account in the Service Account Login field

A service account with read access is required to retrieve information for authentication and assertion; write access is optional, and is required only to alter or add information to the data store from SecureAuth IdP (e.g. password update, provisioned devices, knowledge-based questions)

6. Provide the password that is associated with the above username in the Service Account Password field

Step 3. SAML

7. Select At Service Provider if the end-user will initiate the login process at Google Apps; select At SecureAuth if the end-user will initiate the login process at the SecureAuth IdP realm

8. Provide the Service Provider Start URL, which would be a vanity URL, such as https://mail.google.com/a/company.com

9. Provide the RelayState if At SecureAuth was selected in step 7

This is the same as the SAML Target URL in the Web Admin realm configuration

10. Select how SecureAuth IdP will map to the directory user account from the SAML ID (NameID) Mapping dropdown

Step 4. Workflow

11. Select Enabled from the Two-factor Authentication dropdown to enable a 2-Factor Authentication workflow for this realm

12. Select the type of persistent token that will be accepted and / or generated in this realm from the Two Factor Persistence dropdown

13. Check the boxes to enable SecureAuth IdP Properties that map to directory Fields (configured in the Data tab) to be used for 2-Factor Authentication

For example, checking Phone 2 enables OTP delivery by Voice, SMS / Text, or both to the phone number mapped to Phone 2

14. Select Enabled from the Password Validation dropdown to require a password in addition to the username and second factor

15. Select On Separate/Last Page from the Password Location dropdown to enable a Standard Authentication Mode workflow (username + second factor + password)

Select On first page to have the username and password prompts on the first page, and then the 2-Factor Authentication process will follow

16. Click Next to review the configurations and from there, Submit the settings to create the realm

Info: More configurations and settings may be required on top of the Wizard steps

Accessing Realms

Access realms from the Web Admin Home Page by selecting the title of the realm (e.g. Forgot Username)

Within the realm overview presented on the Home Page, select the links to access a specific tab within the realm:

  1. Select the Theme to access the Overview tab
  2. Select the Data Store to access the Data tab
  3. Select the Authentication Mode to access the Workflow tab
  4. Select the 2-Factor Authentication Options to access the Registration Methods tab
  5. Select the .aspx Landing Page to access the Post Authentication tab

Search through the configured realms to find the specific realm to access

Select Admin Realm at the top of the Home Page to access SecureAuth0


Access realms from within another realm by selecting the realm name in the left-side menu (e.g. SecureAuth2)

Click the pop-out icon to view the client-side pages of the configured realms (username, 2-Factor Authentication methods, password, and post-authentication pages)

Customizing Realms

To internally and externally customize a realm, modifications can be made in the Overview tab

The Realm Description is used internally (displayed in the Web Admin only) to describe the purpose of the realm, e.g. Secure Access to App X

The Realm Description appears on the Web Admin Home Page under the Realm Title, and in the left-side menu

The Document Title is used externally (displayed client-side only) to title the browser tab of the end-user workflow pages

The Page Header is used internally and externally to title the realm and to title the end-user workflow pages

The Page Header appears as Realm Title on the Web Admin Home Page, and in the left-side menu

Click Save to execute any changes made in the realm

Info: Refer to the SecureAuth IdP Admin Guide to continue configuring realms
