Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
borderColor#444443
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#444443
borderStylesolid
titlePrerequisites

1. Create a New Realm for the Secure Portal page

2. Configure the realms to which the Secure Portal page will point connects for access

3. Configure the following tabs in the Web Admin before configuring the Post Authentication tab:

  • Overview – the description of the realm and SMTP connections must be defined
  • Data – an enterprise directory must be integrated with SecureAuth IdP
  • Workflow – the way in which users will access this application must be defined
  • Registration Methods – the 2-Factor Authentication methods that will be used to access this page (if any) must be defined
The configuration steps below are for realms to which the Secure Portal points, and not for the Secure Portal realm
Panel
borderColor#135570
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#135570
borderStylesolid
titleConfiguration Steps
Panel
borderColor#116490
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490
borderStylesolid
titlePost Authentication
Section
Column
width50%

Column

 

1. Select Secure Portal from the Authenticated User Redirect dropdown in the Post Authentication tab in the Web Admin

2. An unalterable URL will be is auto-populated in the Redirect To field, which will append appends to the domain name and realm number in the address bar (Authorized/SecurePortal.aspx)

3. A customized post authentication page can be uploaded, but it is not required

Warning

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

Panel
borderColor#007fb2
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#007fb2
borderStylesolid
titlePortal Page
Section
Column
width50%

Column

 

4. Click View and Configure the portal page to dictate which realms will be present are displayed on the Secure Portal

Panel
borderColor#009fd9
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#009fd9
borderStylesolid
titlePortal Page Builder
Section
Column
width50%

Column

 

5. Select Token Required from the Portal Page Authorization dropdown to require 2-Factor Authentication into the Secure Portal

Selecting Not Available disables the use of the Secure Portal

Selecting NO Token enables access to the Secure Portal without 2-Factor Authentication, but the realms associated with the Secure Portal will require 2-Factor Authentication if the Workflow dictates it

Selecting GAE enables access with a token from a Google Apps Engine (GAE) SecureAuth instance

6. Check the SecureAuth IdP realms to which the Secure Portal enables SSO access in the Links shown on portal page section

Add images and titles in each of the realms that will appear on the Secure Portal in the Overview instructions below; and restrict access by enabling or disabling Groups in the Data instructions below

Warning

Click Save once the configurations have been completed and before leaving the Secure Portal page to avoid losing changes

Panel
borderColor#007fb2
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#007fb2
borderStylesolid
titleForms Auth / SSO Token
Section
Column
width50%

Column

 

7. Click View and Configure FormsAuth keys / SSO token

Panel
borderColor#009fd9
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#009fd9
borderStylesolid
titleForms Authentication
Section
Column
width50%

8. The Forms Based Authentication (FBA) token Name must be set and match in each realm for which SSO is enabled

By default, the Name will be is set to .ASPXFORMSAUTH[realm#], but it can be changed to any name

If a realm has already been set up for SSO, then the Name from that realm will be is used here

Column

9. The common Domain of the realms must be set and match in each realm for which SSO is enabled

By default, this field is left empty and SecureAuth IdP will utilize utilizes the appliance's domain

If a realm has already been set up for SSO, then the Domain from that realm will be is used here

Section
Column
width50%

Column

UI Text Box
typeinfo

The FBA Token Require SSL, Cookieless, and Sliding Expiration settings must match across the SSO realms; the Timeout values can be distinct

10. Set the Validation Key and the Encryption Key by clicking Generate New Keys

These fields must match in each realm for which SSO is enabled

Panel
borderColor#009fd9
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#009fd9
borderStylesolid
titleMachine Key
Section
UI Text Box
typewarning
If a realm has already been set up for SSO, then do not click Generate New Keys; the Validation Key and Encryption Key from that realm will be are used here
Section
Column
width50%

Column
width50%

UI Text Box
typeinfo

The Validation and Decryption settings must match across the SSO realms

Panel
borderColor#009fd9
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#009fd9
borderStylesolid
titleAuthentication Cookies
Section
Column
width50%

Column

 

11. The Pre-Auth Cookie and the Post-Auth Cookie must be set and match in each realm for which SSO is enabled

If a realm has already been set up for SSO, then the Pre-Auth Cookie and the Post-Auth Cookie from that realm will be are used here

UI Text Box
typeinfo

The Persistent and Clean Up Pre-Auth Cookie settings must match across the SSO realms

Anchor
Overview
Overview

Warning

Click Save once the configurations have been completed and before leaving the Forms Auth / SSO Token page to avoid losing changes

Info
Panel
borderColor#f5a863
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#f5a863
borderStylesolid
titleBest Practices
UI Text Box
typenote

These Best Practice configurations are completed in realms that are connected to the Secure Portal (selected in step 6), not in the Secure Portal realm

#116490#116490
Panel
borderColor#145570
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#145570
borderStylesolid
titleApplication Logo Displayed on Secure Portal Page
UI Text Box

Follow these configuration steps to modify the realm's information on the Secure Portal page, which includes application logo (image) and application title for immediate recognition

These optional steps are completed in the realms associated to the Secure Portal realm, NOT in the Secure Portal realm itself

Panel
borderColor
#126591
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor
#126591
borderStylesolid
titleOverview
Section
Column
width50%

Image Modified

Column

Image Modified

Anchor
Data
Data

Section
Column
width50%
12

1. In the

SecureAuth IdP realms that will be part of the Secure Portal

Details section, upload the Application Logo in the Details section, which

will appear

appears on the Secure Portal page

Column
13. Write

2. In the Look and Feel section, write in the Application Title in the Document Title and the Page Header fields (typically the same) in the Look and Feel section, which

will

appear on the Secure Portal with the Application Logo

Warning

Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes

Panel
borderColor#116490#145570
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#116490#145570
borderStylesolid
titleGroup Restrictions
UI Text Box

Follow these configuration steps to restrict the realm to specific groups, which then manages which resources are displayed to each user on the Secure Portal page

These optional steps are completed in the realms associated to the Secure Portal realm, NOT in the Secure Portal realm itself

Panel
borderColor#126591
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#126591
borderStylesolid
titleData
Section
Column
width50%
Image Removed

Image Added

Column

 

14, select Allow Access to create a list of groups that can access the realm; or Deny Access to create a list of groups that cannot access the realm in the Membership Connection Settings section

15. Provide the list of user groups that can or cannot access the realm in the User Groups field

For example, restrict a realm so that only admins can access it, or only the marketing department cannot access it

16. Set the Groups Field to the directory field in which the group assignments are contained, e.g. memberOf

1. In the

SecureAuth IdP realms that will be part of the Secure Portal

Profile Connection Settings section, set the Allowed User Groups to the group(s) that can access this application, comma separated

UI Text Box
typeinfo

The example shown is for a Directory Server, but the step is the same for SQL-type data stores

Panel
borderColor#3e7fa0
bgColorwhite
titleColorwhite
borderWidth1
titleBGColor#3e7fa0
borderStylesolid
titleProfile Fields
Section
Column
width50%

Image Added

Column

 

2. Map the Groups Property to the directory attribute that contains the user's group information, e.g. memberOf

UI Text Box
typeinfo

This step is required for LDAP directories only

For SQL-type data stores, the information must be provided in the Tables and Stored Procedures

Warning

Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes