Let's see the main steps about how to configure a 2FA authentication using a soft token with Quest Defender.
Let's see the main steps about how to configure a 2FA authentication using a soft token with Dell Defender.
Main scenario and assumptions: our web-portal is protected by "Dell Cloud Access Manager" and the identities are stored into a Domain Controller.
- IAM-AD / *.181- Where our Domain Controller is installed
- IAM-CAM / *.182 - Where our Cloud Access Manager is installed
- IAM-WS / *.183 - Where our Web-Portal is installed
The following steps will not explain how to unzip and install the product Defender, but we will assume that the product will be already installed in the same machine where Cloud Access Manager is installed, IAM-CAM.
1) as you might detect, after the installation of IAM-CAM, a copy of Active Directory will be created on the IAM-CAM host. This is done to prevent to block authetications in the case that the main Domain Controller (IAM-AD) could be unreachable.
Open the new Active Directory and check that a new brench has been created during the installation "Defender"
2) Open "Security Server" and create a new Security Server:
Save and close.
3) Open the "Policies" and create a new Policy:
Before closing the Policy go in Server tab and assign the Security Server created in the previous point. Save and close.
4) Open the "Access Nodes" and create and Access Node using the following information:
5) Open installation folder and launch "Security Server\DSSConfigADE.exe" and configure the Active Directory connection:
Open the "Test Connection" tab and verify that the connection is properly working
6) Depending on your access manager, check the front ends portal authentication and choose to use a Two-Factors Authentication model, configuring the needed parameters to bind with the Domain Controller.
7) Open from the machine where Defender is installed: "http://localhost:8080/Home/Login?wherenext=%2F".
Note1: We discourage to use Internet Explorer, use instead Firefox or Chrome.
Note2: "camadm" is not the default user that you might find into your system, but the user admin that was used to configure Cloud Access Manager, you might use another user (i.e. Administrator):
8) Open "Administer Defender"
9) Open "Self-Service Settings" and open "Email settings". Configure your SMTP server.
10) Open "Management" and in the tab user search for the user you want to grant the access.
11) Click on "Program Token" and choose the device that you will use for the Two-Factor Authentication (i.e. Smartphone), select the OS of that device and confirm the email address of the user that will receive the email.
12) Install "Defender Soft Token" from the "Play Store"/"Apple Store" and enter the code received by email.
13) That's it: open the protected page, it will be displayed the Access Manager login page, where you will login using your first authenticator (email + password). Once entered, a second page will be displayed to enter code that will be displayed on your "Defendere Soft Token" application.