SecureAuth IdP Web Admin Configuration Steps - System Info Tab

Step A: Review / Configure System Info and Plugin Info

1. In the System Info section, the SecureAuth Version number is provided for reference

In SecureAuth IdP version 9.1, the License Expires date is also provided for reference – this information does not appear in SecureAuth IdP version 9.2

2. If necessary, click Decrypt to decrypt the web.config file so that the web.config file can be viewed in its entirety

Plugin Info

3. Plugin information is provided for reference, and no configuration is required unless a specific version is required (not typical)

Step B: Complete WSE 3.0 / WCF Configuration

Select the SecureAuth IdP version (v9.1, or v9.2 or later) and follow steps 4 - 6

For SecureAuth IdP v9.1

4. Select True from the following dropdowns if SecureAuth IdP is to use message-level security (WSE 3.0 / WCF) to make a web service call to issue a certificate (default), and keep the default URL settings:

  • Certificate Use WSE 3.0
  • Telephony Use WSE 3.0
  • SMS Use WSE 3.0
  • Push Use WSE 3.0

5. Select False from the Trx Use WSE 3.0 dropdown if SecureAuth IdP will not use the message encryption endpoint to make a web service call to issue a certificate (default) – i.e. if transport encryption via TLS will be used instead of WSE 3.0

Or select True if SecureAuth IdP will use the WSE 3.0 message encryption endpoint to make a web service call to issue a certificate, and modify the URL to end in /msg

6. Click Test to ensure the connection is working properly

For SecureAuth IdP v9.2 or later

4. Select True from the following dropdowns if SecureAuth IdP is to use message-level security (WSE 3.0 / WCF) to make a web service call to issue a certificate (default), and keep the default URL settings:

  • Certificate Use WSE 3.0
  • Telephony Use WSE 3.0
  • SMS Use WSE 3.0
  • Push Use WSE 3.0
  • Geo-Location Use WSE 3.0
  • SecureAuth Threat Service Use WSE 3.0

5. Select False from the Trx Use WSE 3.0 dropdown if SecureAuth IdP will not use the message encryption endpoint to make a web service call to issue a certificate (default) – i.e. if transport encryption via TLS will be used instead of WSE 3.0

Or select True if SecureAuth IdP will use the WSE 3.0 message encryption endpoint to make a web service call to issue a certificate, and modify the URL to end in /msg

6. Click Test to ensure the connection is working properly

The following URLs in this section can be configured and updated as necessary, if using the specified feature(s) on this realm:

URL | SecureAuth IdP Feature
Link-to-Accept URL | SecureAuth Link-to-Accept Multi-Factor Authentication Method
Phone Fraud Service URL | Phone Number Profiling Service
Geo-Location URL | Adaptive Authentication
SecureAuth Threat Service URL | Adaptive Authentication

However, if a proxy server will be used with SecureAuth IdP, click the Proxy Integration Configuration link directly below and follow steps in that section

Proxy Integration Configuration

Select the SecureAuth IdP version (v9.1, or v9.2 or later) and follow steps 4 - 6

For SecureAuth IdP v9.1

4. Select False from the following dropdowns:

  • Certificate Use WSE 3.0
  • Telephony Use WSE 3.0
  • SMS Use WSE 3.0
  • Push Use WSE 3.0
  • Trx Use WSE 3.0

5. Set the corresponding URLs as follows:

a. Set Certificate URL to https://cloud.secureauth.com/certservice/cert.svc

b. Set Telephony URL to https://cloud.secureauth.com/telephonyservice/telephony.svc

c. Set SMS URL to https://cloud.secureauth.com/smsservice/sms.svc

d. Set Push URL to https://cloud.secureauth.com/pushservice/push.svc

e. Set Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc

(no step 6)

For SecureAuth IdP v9.2 or later

4. Select False from the following dropdowns:

  • Certificate Use WSE 3.0
  • Telephony Use WSE 3.0
  • SMS Use WSE 3.0
  • Push Use WSE 3.0
  • Geo-Location Use WSE 3.0
  • SecureAuth Threat Service Use WSE 3.0
  • Trx Use WSE 3.0

5. Set the corresponding URLs as follows:

a. Set Certificate URL to https://cloud.secureauth.com/certservice/cert.svc

b. Set Telephony URL to https://cloud.secureauth.com/telephonyservice/telephony.svc

c. Set SMS URL to https://cloud.secureauth.com/smsservice/sms.svc

d. Set Push URL to https://cloud.secureauth.com/pushservice/push.svc

e. Set Geo-Location URL to https://cloud.secureauth.com/ipservice/ipgeolocation.svc

f. Set SecureAuth Threat Service URL to https://cloud.secureauth.com/ipservice/ipevaluation.svc

g. Set Trx Log Service URL to https://cloud.secureauth.com/trxservice/trx.svc

(no step 6)

Step C: Complete SCEP Configuration

7. Select False from the Use SCEP dropdown and keep the default values unless SCEP is in use

If using SCEP, click the SCEP Configuration link directly below and follow steps in that section

SCEP Configuration

Refer to Outbound SCEP Configuration Guide or Inbound SCEP from MobileIron VSP Configuration Guide for full instructions

7a. Select True from the Use SCEP dropdown

7b. Leave the SCEP Web Service URL as the default unless the web service is hosted in a different location

7c. Set the SCEP / NDES URL as the SCEP / NDES Listener URL

7d. Select False from the Inbound SCEP Request dropdown

If SecureAuth IdP is to receive inbound SCEP calls from MobileIron, select True

Step D: Complete Proxy Server Configuration

8. Select False from the Use Proxy Server dropdown and keep the default values

Note: Accepted IP address formats in SecureAuth IdP v9.2 or later

If using SecureAuth IdP version 9.2, IP addresses are accepted in the following formats, with multiple entries separated by a comma:

  • Specific IP address: e.g. 72.32.245.182
  • CIDR Notation: e.g. 72.32.245.0/24
  • IP range: e.g. 72.32.245.1-72.32.245.254

Multiple formats can be used on the same line

The following example entry is valid:

72.32.245.182,72.32.245.0/24,72.32.245.1-72.32.245.254

However, if a proxy server will be used with SecureAuth IdP, click the Proxy Integration Configuration link directly below and follow steps in that section

Proxy Integration Configuration

8a. Select True from the Use Proxy Server dropdown

8b. Set the Proxy Server Address to the proxy's IP Address or FQDN

Note: Accepted IP address formats in SecureAuth IdP v9.2 or later

If using SecureAuth IdP version 9.2, IP addresses are accepted in the following formats, with multiple entries separated by a comma:

  • Specific IP address: e.g. 72.32.245.182
  • CIDR Notation: e.g. 72.32.245.0/24
  • IP range: e.g. 72.32.245.1-72.32.245.254

Multiple formats can be used on the same line

The following example entry is valid:

72.32.245.182,72.32.245.0/24,72.32.245.1-72.32.245.254

8c. Set the Proxy Server Port to the TCP port on which the web proxy server is configured to respond, e.g. 8080

8d. Provide the Proxy Username if the proxy requires authentication

8e. Provide the Proxy Password if the proxy requires authentication

Step E: Complete IP Configuration

NOTE: If a proxy server will be used with SecureAuth IdP, follow the steps in the Proxy Integration Configuration section below

9. Provide the Public IP Address if NAT is used to alter the SecureAuth IdP IP Address to a Public IP Address

10. Provide the Proxy IP List of addresses that are used between user devices and SecureAuth IdP (proxy, load balancer, gateway, etc.) – separating entries in this list by commas

Note: Accepted IP address formats in SecureAuth IdP v9.2 or later

If using SecureAuth IdP version 9.2, IP addresses are accepted in the following formats, with multiple entries separated by a comma:

  • Specific IP address: e.g. 72.32.245.182
  • CIDR Notation: e.g. 72.32.245.0/24
  • IP range: e.g. 72.32.245.1-72.32.245.254

Multiple formats can be used on the same line

The following example entry is valid:

72.32.245.182,72.32.245.0/24,72.32.245.1-72.32.245.254

11. Leave the IP Http Header Field Name as default unless a different Field Name is required

Proxy Integration Configuration

9. List the proxy IP Address in the Proxy IP List field

Note: Accepted IP address formats in SecureAuth IdP v9.2 or later

If using SecureAuth IdP version 9.2, IP addresses are accepted in the following formats, with multiple entries separated by a comma:

  • Specific IP address: e.g. 72.32.245.182
  • CIDR Notation: e.g. 72.32.245.0/24
  • IP range: e.g. 72.32.245.1-72.32.245.254

Multiple formats can be used on the same line

The following example entry is valid:

72.32.245.182,72.32.245.0/24,72.32.245.1-72.32.245.254

(no steps 10 - 11)
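
The three accepted IP address formats noted above can be checked before an entry is pasted into a field such as Proxy IP List. The following is an added example, not SecureAuth code: it assumes the list is parsed as described in the note (the product's own parser may differ), and the function names are hypothetical. It also reports how many distinct addresses a list covers, which shows that the page's sample entry collapses to a single /24.

```python
import ipaddress

def parse_ip_list(value):
    """Parse a comma-separated list into ipaddress network objects.

    Accepts the three formats from the note: single address, CIDR block,
    and first-last range. Raises ValueError on anything else.
    """
    networks = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry (stray comma?)")
        if "-" in entry:
            first_s, last_s = (part.strip() for part in entry.split("-", 1))
            first = ipaddress.ip_address(first_s)
            last = ipaddress.ip_address(last_s)
            if first.version != last.version or first > last:
                raise ValueError(f"invalid range: {entry}")
            # Express the range as the smallest set of CIDR blocks.
            networks.extend(ipaddress.summarize_address_range(first, last))
        else:
            # strict=True rejects CIDR entries with host bits set,
            # e.g. 72.32.245.5/24 instead of 72.32.245.0/24.
            networks.append(ipaddress.ip_network(entry, strict=True))
    return networks

def covered_addresses(networks):
    """Count distinct addresses covered, after merging overlapping entries."""
    total = 0
    for version in (4, 6):
        same = [n for n in networks if n.version == version]
        total += sum(n.num_addresses for n in ipaddress.collapse_addresses(same))
    return total

def is_listed(address, networks):
    """True if the address falls inside any parsed entry."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)

# The sample entry shown on this page.
PAGE_EXAMPLE = "72.32.245.182,72.32.245.0/24,72.32.245.1-72.32.245.254"

if __name__ == "__main__":
    nets = parse_ip_list(PAGE_EXAMPLE)
    print(covered_addresses(nets), is_listed("72.32.245.255", nets))
```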

Step F: Review / Configure Remaining Sections

License Info

12. No configuration is required in the License Info section, and the Cert Serial Nbr is typically the same as the Client Cert Serial Nbr in the WSE 3.0 / WCF Configuration section

Certificate Properties

13. Select Default from the SAN, DC 1, and DC 2 dropdowns to use the default certificate settings

Select Custom to customize a SAN, DC 1, or DC 2 property in a certificate

Select the Field(s) from the Custom SAN / DC 1 / DC 2 dropdown and click Add to customize the property

14. Select No DC 3 from the DC 3 dropdown to eliminate the DC 3 property from the certificate; select Hard drive serial number hash to include the DC 3 property as the hard drive serial number hash

15. Select the hashing algorithm to be used for certificate signing requests from the Certificate Key Identifier dropdown

Advanced Configuration

16. Select True from the Force Frame Break Out dropdown to enable SecureAuth IdP pages to break out of iFrame web pages

User Input Restriction

NOTE: This section applies only to SQL, ODBC, and Oracle data stores

17. Set the Max Length for User ID (number of characters)

18. Set the Max Length for Password (number of characters)

19. Set the Max Length for OTP (number of digits)

20. Set the Max Length for KBA (number of characters)

If no limit, set to 0 (default)

21. Create a list of Disallowed Keywords, comma separated

Warning: Click Save once the configuration is complete and before leaving the System Info page to avoid losing changes

Links

22. Click Click to view Web Config Backups to view backups and see modifications that have been made

Configuration Back Up Files

22a. View configuration changes and open backup files

22b. Use the back arrow on the browser to return to the Links section

23. Click Click to edit Web Config file to view the entire web.config code file to review and make modifications

Web Config Editor

23a. View the web.config file and make any code modifications here

If a proxy server will be used with SecureAuth IdP, click the Proxy Integration Configuration link directly below and follow steps in that section

Proxy Integration Configuration

23b. Search for wse3IP; you should find 2 lines. Set the values as follows:

  • <add key="wse3IP" value="False" /> 
  • <add key="wse3IPEvaluation" value="False" />

Warning: Click Save once the configurations have been completed and before leaving the Web Config File page to avoid losing changes
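
Step 23b can be verified after saving by checking the file rather than searching it by eye. The following is an added example, not SecureAuth code: the function name and sample documents are constructed, and it assumes the two keys sit in the standard `<appSettings>` section and that an encrypted file uses ASP.NET protected configuration (see step 2, Decrypt).

```python
import xml.etree.ElementTree as ET

EXPECTED = ("wse3IP", "wse3IPEvaluation")  # the two keys named in step 23b

def audit_wse3ip(web_config_xml):
    """Return (status, findings) for the wse3IP* appSettings in a web.config string."""
    root = ET.fromstring(web_config_xml)
    app = root.find("appSettings")
    if app is None:
        return "review", ["no <appSettings> section found"]
    # Assumption: an encrypted file uses ASP.NET protected configuration, where
    # the section body is replaced by an <EncryptedData> element.
    if app.get("configProtectionProvider") or any(
            child.tag.endswith("EncryptedData") for child in app):
        return "encrypted", ["decrypt web.config before auditing"]
    found = {}
    for add in app.findall("add"):
        key = add.get("key") or ""
        if key.lower().startswith("wse3ip"):
            found[key] = (add.get("value") or "").strip()
    findings = []
    for key in EXPECTED:
        if key not in found:
            findings.append(f"{key}: missing")
        elif found[key].lower() != "false":
            findings.append(f"{key}: value is {found[key]!r}, expected 'False'")
    # The page says the search should find exactly two lines.
    for key in sorted(set(found) - set(EXPECTED)):
        findings.append(f"{key}: unexpected wse3IP* key")
    return ("ok" if not findings else "review"), findings

# Constructed samples (not taken from a real SecureAuth IdP realm).
GOOD = """<configuration><appSettings>
  <add key="wse3IP" value="False" />
  <add key="wse3IPEvaluation" value="False" />
</appSettings></configuration>"""
BAD = GOOD.replace('key="wse3IPEvaluation" value="False"',
                   'key="wse3IPEvaluation" value="True"')
ENCRYPTED = """<configuration>
<appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD), ("encrypted", ENCRYPTED)):
        print(name, audit_wse3ip(doc))
```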
