Documentation

Admin Realm Configuration Steps

Version 9.0.0

Overview

1. In the Details section, SecureAuth0 is set as the Realm Name

2. (optional) Provide a Realm Description

Warning: Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes

Advanced Settings

3. Click Email Settings to configure the SMTP settings

Email Settings

4. Provide the Simple Mail Transfer Protocol (SMTP) Server Address through which SecureAuth IdP will send emails

5. Change the Port from the default of 25 if the SMTP server uses a different one

6. Provide the Username, Password, and/or Domain if required by the SMTP Relay

Note: If the fields are not required by the SMTP Server, then only the Server Address and Port number need to be set

7. If emails will be sent over Secure Sockets Layer (SSL), then select True from the SSL dropdown

8. (optional) Upload a Logo that will be used in the SecureAuth IdP email messages

9. Provide the Subject of the SecureAuth IdP email messages

10. Provide the Sender Address of the SecureAuth IdP email messages

11. Provide the Sender Name of the SecureAuth IdP email messages

12. Select a Template that will be used for the SecureAuth IdP email messages

Warning: Click Save once the configurations have been completed and before leaving the Email Settings page to avoid losing changes.

Info: For all Overview configuration steps, refer to Overview Tab Configuration

Data

Notes

  • Steps 13 - 21 are only required if allowing remote access (through web interface) to SecureAuth0 (Web Admin)
  • Step 22 is only required if utilizing Multi-Factor Authentication for remote access

13. In the Membership Connection Settings section, select the directory with which SecureAuth IdP will integrate for 2-Factor Authentication and assertion from the Data Store dropdown

14. Follow the distinct configuration steps for the specific data store in addition to the configuration steps on this page:

Tip: SecureAuth advises configuring access to the SecureAuth0 realm with security best practices in mind. Recommendations are listed below, but it is the customer's responsibility to determine the best settings for their specific deployment. These recommendations do not constitute a guarantee of security.

15. Restrict access to SecureAuth0 to a specific admin group:

    1. In the corporate data store, create an admin user group comprised of only those members who will have access to the Web Admin
    2. In the User Groups (AD/LDAP) or Allowed Groups (SQL) field, enter the name of the admin group
    3. (AD/LDAP) In the User Group Check Type field, select Allow Access
    4. (AD/LDAP) Set the Groups Field field to the LDAP attribute that contains user group information, e.g. memberOf

Profile Fields

Info: This section is for LDAP data stores only; refer to the specific directory configuration guide for more information

16. Map the SecureAuth IdP Property to the appropriate data store Field

For example, Groups is located in the memberOf data store Field

17. If another directory is enabled in the Profile Connection Settings section and contains the Property, then change the Source from Default Provider

18. Check Writeable for a Property that will be changed in the data store by SecureAuth IdP

For example, user account information (telephone number) or authentication mechanisms (knowledge-based questions, fingerprints)

Tip: The Fields listed are only examples, as each data store is organized differently and may have different values for each Property

Info: For all Data configuration steps, refer to Data Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

Workflow

19. In the Product Configuration section, select the Integration Method, and the Client Side Control and IE / PFX / Java Cert Type that apply to the first selection

See variations in Workflow Tab Configuration

Workflow

Tip: SecureAuth advises configuring remote access to the SecureAuth0 realm with security best practices in mind. Recommendations are listed below, but it is the customer's responsibility to determine the best settings for their specific deployment. These recommendations do not constitute a guarantee of remote security.

Enforce full authentication requirements for every logon attempt to the Admin realm (SecureAuth0)

20. Set the Public/Private Mode field to Public Mode Only

This forces users to authenticate fully on every logon attempt

21. Set Authentication Mode to Standard User / 2nd Factor / Password

Info: For all Workflow configuration steps, refer to Workflow Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes

Multi-Factor Methods

22. In the Registration Configuration section, enable at least one of the many authentication mechanisms if a 2-Factor Authentication Authentication Mode is selected in the Workflow tab

Info: For all Registration Methods configuration steps, refer to Registration Methods / Multi-Factor Methods Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Multi-Factor Methods page to avoid losing changes

Post Authentication

23. In the Post Authentication section, the Authenticated User Redirect and Redirect To fields are auto-populated

Warning: Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

Forms Auth / SSO Token

24. (optional) Click View and Configure FormsAuth keys / SSO token to configure SecureAuth0's token/cookie settings

To configure this realm's token / cookie settings, follow these steps:

Forms Authentication

1. If SSL is required to view the token, select True from the Require SSL dropdown

2. Choose whether SecureAuth IdP will deliver the token in a cookie to the user's browser or device:

  • UseCookies enables SecureAuth IdP to always deliver a cookie
  • UseUri prevents SecureAuth IdP from delivering a cookie; the token is delivered in a query string instead
  • AutoDetect enables SecureAuth IdP to deliver a cookie if the user's settings allow it
  • UseDeviceProfile enables SecureAuth IdP to deliver a cookie if the browser's settings allow it, no matter the user's settings

3. If the cookie is to remain valid as long as the user is interacting with the page, set the Sliding Expiration to True

4. Set the Timeout length to determine for how many minutes a cookie is valid

Note: No configuration is required for the Name, Login URL, or Domain fields

Machine Key

5. No changes are required in the Validation field unless the default value does not match the company's requirement

If a different value is required, select it from the dropdown

6. No changes are required in the Decryption field unless the default value does not match the company's requirement

If a different value is required, select it from the dropdown

Note: No configuration is required for the Validation Key or Decryption Key fields

Authentication Cookies

7. Enable the cookie to be Persistent by selecting True - Expires after Timeout from the dropdown

Selecting False - Session Cookie keeps the cookie valid as long as the session is open; it expires once the browser is closed or the session expires

Note: No configuration is required for the Pre-Auth Cookie, Post-Auth Cookie, or the Clean Up Pre-Auth Cookie fields

Warning: Click Save once the configurations are completed and before leaving the Forms Auth / SSO Token page to avoid losing changes

Logs

25. In the Log Options section, provide the Log Instance ID, e.g. the Application Name or the realm name (SecureAuth3)

26. Check which Audit, Debug, and Error Logs to enable

If SysLog is enabled

SysLog

1. Provide the FQDN or IP Address of the Syslog Server

2. Provide the SysLog Port number

If Database is enabled

Log Database

1. Provide the FQDN or the IP Address of the database in the Data Source field

2. Provide the Database Name in the Initial Catalog field

3. Select True from the Integrated Security dropdown if the webpage's ID is to be included in the Connection String

4. Select True from the Persist Security Info dropdown if access to username and password information is allowed

5. Provide the User ID of the Database

6. Provide the Password associated with the User ID

7. Click Generate Connection String, and the Connection String will auto-populate based on the previous fields

8. Click Test Connection to ensure that the integration is successful

9. Click Save to all Realms if these Database settings are to be used in each SecureAuth IdP realm

Info: For all Logs configuration steps, refer to Logs Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Logs page to avoid losing changes

Version 9.0.1+

Overview

1. In the Details section, SecureAuth0 is set as the Realm Name

2. (optional) Provide a Realm Description

Warning: Click Save once the configurations have been completed and before leaving the Overview page to avoid losing changes

Advanced Settings

3. Click Email Settings to configure the SMTP settings

Email Settings

4. Provide the Simple Mail Transfer Protocol (SMTP) Server Address through which SecureAuth IdP will send emails

5. Change the Port from the default of 25 if the SMTP server uses a different one

6. Provide the Username, Password, and/or Domain if required by the SMTP Relay

Note: If the fields are not required by the SMTP Server, then only the Server Address and Port number need to be set

7. If emails will be sent over Secure Sockets Layer (SSL), then select True from the SSL dropdown

8. (optional) Upload a Logo that will be used in the SecureAuth IdP email messages

9. Provide the Subject of the SecureAuth IdP email messages

10. Provide the Sender Address of the SecureAuth IdP email messages

11. Provide the Sender Name of the SecureAuth IdP email messages

12. Select a Template that will be used for the SecureAuth IdP email messages

Warning: Click Save once the configurations have been completed and before leaving the Email Settings page to avoid losing changes

Info: For all Overview configuration steps, refer to Overview Tab Configuration

Data

Notes

  • Steps 13 - 21 are only required if allowing remote access (through web interface) to SecureAuth0 (Web Admin)
  • Step 22 is only required if utilizing Multi-Factor Authentication for remote access

13. In the Membership Connection Settings section, select the directory with which SecureAuth IdP will integrate for Multi-Factor Authentication and assertion from the Data Store dropdown

14. Follow the distinct configuration steps for the specific data store in addition to the configuration steps on this page:

Tip: SecureAuth advises configuring access to the SecureAuth0 realm with security best practices in mind. Recommendations are listed below, but it is the customer's responsibility to determine the best settings for their specific deployment. These recommendations do not constitute a guarantee of security.

15. Restrict access to SecureAuth0 to a specific admin group.

    1. In the corporate data store, create an admin user group comprised of only those members who will have access to the Web Admin
    2. In the User Groups (AD/LDAP) or Allowed Groups (SQL) field, enter the name of the admin group
    3. (AD/LDAP) In the User Group Check Type field, select Allow Access
    4. (AD/LDAP) Set the Groups Field field to the LDAP attribute that contains user group information, e.g. memberOf

Profile Fields

Info: This section is for LDAP data stores only; refer to the specific directory configuration guide for more information

16. Map the SecureAuth IdP Property to the appropriate data store Field

For example, Groups is located in the memberOf data store Field

17. If another directory is enabled in the Profile Connection Settings section and contains the Property, then change the Source from Default Provider

18. Check Writeable for a Property that will be changed in the data store by SecureAuth IdP

For example, user account information (telephone number) or authentication mechanisms (knowledge-based questions, fingerprints)

Info: The Fields listed are only examples as each data store is organized differently and may have different values for each Property

Info: For all Data configuration steps, refer to Data Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Data page to avoid losing changes

Workflow

19. In the Device Recognition Method section, select the Integration Method, and the Client Side Control and IE / PFX / Java Cert Type that apply to the first selection

See variations in Workflow Tab Configuration (version 9.0.1+)

Workflow

Tip: SecureAuth advises configuring remote access to the SecureAuth0 realm with security best practices in mind. Recommendations are listed below, but it is the customer's responsibility to determine the best settings for their specific deployment. These recommendations do not constitute a guarantee of remote security.

Enforce full authentication requirements for every logon attempt to the Admin realm (SecureAuth0)

20. Set the Default Workflow to Username | Second Factor | Password

21. Set the Public/Private Mode field to Public Mode Only

This forces users to authenticate fully on every logon attempt

Info: For all Workflow configuration steps, refer to Workflow Tab Configuration (version 9.0.1+)

Warning: Click Save once the configurations have been completed and before leaving the Workflow page to avoid losing changes

Multi-Factor Methods

22. In the Registration Configuration section, enable at least one of the many authentication mechanisms if a Multi-Factor Authentication Default Workflow is selected in the Workflow tab

Info: For all Multi-Factor Methods configuration steps, refer to Registration Methods / Multi-Factor Methods Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Multi-Factor Methods page to avoid losing changes

Post Authentication

23. In the Post Authentication section, the Authenticated User Redirect and Redirect To fields are auto-populated

Warning: Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes

Forms Auth / SSO Token

24. (optional) Click View and Configure FormsAuth keys / SSO token to configure SecureAuth0's token/cookie settings

To configure this realm's token / cookie settings, follow these steps:

Forms Authentication

1. If SSL is required to view the token, select True from the Require SSL dropdown

2. Choose whether SecureAuth IdP will deliver the token in a cookie to the user's browser or device:

  • UseCookies enables SecureAuth IdP to always deliver a cookie
  • UseUri prevents SecureAuth IdP from delivering a cookie; the token is delivered in a query string instead
  • AutoDetect enables SecureAuth IdP to deliver a cookie if the user's settings allow it
  • UseDeviceProfile enables SecureAuth IdP to deliver a cookie if the browser's settings allow it, no matter the user's settings

3. If the cookie is to remain valid as long as the user is interacting with the page, set the Sliding Expiration to True

4. Set the Timeout length to determine for how many minutes a cookie is valid

Note: No configuration is required for the Name, Login URL, or Domain fields

Machine Key

5. No changes are required in the Validation field unless the default value does not match the company's requirement

If a different value is required, select it from the dropdown

6. No changes are required in the Decryption field unless the default value does not match the company's requirement

If a different value is required, select it from the dropdown

Note: No configuration is required for the Validation Key or Decryption Key fields

Authentication Cookies

7. Enable the cookie to be Persistent by selecting True - Expires after Timeout from the dropdown.

Selecting False - Session Cookie keeps the cookie valid as long as the session is open; it expires once the browser is closed or the session expires.

Info: No configuration is required for the Pre-Auth Cookie, Post-Auth Cookie, or the Clean Up Pre-Auth Cookie fields

Warning: Click Save once the configurations are completed and before leaving the Forms Auth / SSO Token page to avoid losing changes

Logs

25. In the Log Options section, provide the Log Instance ID, e.g. the Application Name or the realm name (SecureAuth3)

26. Check which Audit, Debug, and Error Logs to enable

If SysLog is enabled

SysLog

1. Provide the FQDN or IP Address of the Syslog Server

2. Provide the SysLog Port number

If Database is enabled

Log Database

Configure the following settings:

1. Data Source: Provide the FQDN or the IP Address of the database

2. Initial Catalog: Provide the Database Name

3. Integrated Security: If the webpage's ID is to be included in the Connection String, select True

4. Persist Security Info: Select True if access to username and password information is allowed

5. Connection Timeout: Set an amount of time (in seconds) before the connection times out and the admin must re-authenticate

6. User ID: Provide the User Id of the Database

7. Password: Provide the Password associated with the User ID

8. Click Generate Connection String

The Connection String will auto-populate based on the previous fields

9. Click Test Connection to ensure that the integration is successful

10. If these Database settings are to be used in each SecureAuth IdP realm, click Save to all Realms
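
The Connection String produced by Generate Connection String can be checked before it is saved to every realm. The Python below is an added example, not SecureAuth code: it assumes the string uses the standard SQL Server keyword syntax matching the field labels above, and the host, database and account names in the samples are constructed.

```python
# Added example (not SecureAuth code): audit a generated Connection String.
# Keywords follow the field labels in the steps above; samples are constructed.

TRUE_VALUES = {"true", "yes", "sspi"}
# Common SQL Server aliases, normalised to the field labels used on this page.
ALIASES = {
    "server": "data source",
    "database": "initial catalog",
    "trusted_connection": "integrated security",
    "connect timeout": "connection timeout",
    "uid": "user id",
    "pwd": "password",
}


def parse_connection_string(text):
    """Split 'key=value;...' into a dict; quoted values may contain ';'."""
    settings, i, n = {}, 0, len(text)
    while i < n:
        eq = text.find("=", i)
        if eq == -1:
            break
        key = text[i:eq].strip(" ;").lower()
        i = eq + 1
        if i < n and text[i] in "'\"":
            close = text.find(text[i], i + 1)
            close = n if close == -1 else close
            value = text[i + 1:close]
            nxt = text.find(";", close)
        else:
            nxt = text.find(";", i)
            value = text[i:(n if nxt == -1 else nxt)].strip()
        i = n if nxt == -1 else nxt + 1
        if key:
            settings[ALIASES.get(key, key)] = value
    return settings


def audit(text):
    """Return (finding_id, explanation) tuples for risky combinations."""
    s = parse_connection_string(text)
    integrated = s.get("integrated security", "false").lower() in TRUE_VALUES
    persist = s.get("persist security info", "false").lower() in TRUE_VALUES
    has_password = bool(s.get("password"))
    findings = []
    if persist:
        findings.append(("persist-security-info",
                         "password stays readable from the connection after it opens"))
    if integrated and (has_password or s.get("user id")):
        findings.append(("unused-credentials",
                         "User ID/Password are ignored with Integrated Security but still stored"))
    if not integrated and has_password:
        findings.append(("embedded-password",
                         "SQL login secret is stored in clear text inside the string"))
    timeout = s.get("connection timeout", "15")  # SqlClient default is 15 seconds
    if timeout.isdigit() and int(timeout) == 0:
        findings.append(("timeout-zero", "0 means connection attempts wait indefinitely"))
    return findings


def redact(text):
    """Rebuild the string with the password masked, safe for tickets and logs."""
    s = parse_connection_string(text)
    return ";".join(f"{k}={'***' if k == 'password' else v}" for k, v in s.items())


# Constructed samples: a risky string and a tighter equivalent.
WEAK = ("Data Source=sql01.example.internal;Initial Catalog=SecureAuthLogs;"
        "Integrated Security=False;Persist Security Info=True;"
        "Connection Timeout=0;User ID=svc_logs;Password='p;w0rd'")
HARDENED = ("Data Source=sql01.example.internal;Initial Catalog=SecureAuthLogs;"
            "Integrated Security=True;Persist Security Info=False;Connection Timeout=15")
```

Calling audit() on the value shown in the Connection String field returns the findings, and redact() gives a copy that can be pasted into a ticket without the password.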

Info: For all Logs configuration steps, refer to Logs Tab Configuration

Warning: Click Save once the configurations have been completed and before leaving the Logs page to avoid losing changes

What's Next

Move on to Web Admin Part III - Configure a Blueprint Realm to configure a realm with common settings that should be used across all realms

For further information

Support options

Web: https://support.secureauth.com
Phone: 949-777-6959 option 2
Support Documentation Searchable Database: https://docs.secureauth.com
SecureAuth Services Status and Notification Service: https://www.secureauth.com/Support/Current-Service-Status-and-Alerts.aspx