Adding 2FA to Virtual System Administrator (VSA) ver. R9.1 - Newer

Note: This integration does not support the use of Push. You will need to use OTP.

When you access the AuthAnvil Module for the first time in Virtual System Administrator R9.1 - newer you will notice a configuration wizard. This configuration wizard will allow you to configure the AuthAnvil integration built into VSA R9.1

Note: This integration requires a working AuthAnvil tenant. If you are not a current AuthAnvil subscriber please contact IAM.sales@kaseya.com for more information about signing up.

 

  1. Log into Virtual System Administrator R9.1
    2fa6.PNG
  2.  Select the AuthAnvil Module > Configure AuthAnvil Settings
    2fa.PNG
  3. Select - I would like to configure Two Factor Auth Only.2favrpws.png
  4. Select Begin.
    Next Enter the SAS URL for your AuthAnvil Server.2fa2.PNG
    Note: Your SAS URL will be https://(Your company).my.authanvil.com/AuthAnvil/SAS.asmx
    : Site ID is always 1
  5. Define a White listed User that will not require Two Factor Authentication.2favrpws2.png
  6. Select Verify Settings.
    2favrpws3.png
  7. Once you see the settings are valid select Next.
  8. Now that you have the logon protection configured you can select Finish to apply the settings.2fa5.PNG

You should now see the same logon prompt when a user that is required to use 2FA logs in.


2fa6.PNG

Note: You will not see the 2FA prompt until after you enter your password and select Log On.

Note: This requires a login from a user not in the White list.


logonprompt.PNG
Note: Users will need to enter a four digit pin here as well as the One Time Password.
For the Pin your users will use Pin: 1111
The actual Pin requirement was a hold over from the old On-Prem configuration. On-Demand does not use the Pin, however it respects the value being submitted.

Note: If you are using R9.4 - newer only the OTP is required.

 

Configuration

Once logged in you can manage your user & IP white lists via AuthAnvil Module >Two Factor Auth > Configure Kaseya Logon

2fa7.PNG

In the AuthAnvil Module you can choose to enable the Two Factor logon requirement.

White listed users should be entered in the following format. Comma separated with no spaces

fred,john,james to domain.com/fred,domain.com/john,domain.com/james

 

IP's can be entered as comma separated with no spaces. IP's will need be entered using CIDR format.

Example: 192.168.1.1/32,10.10.1.1/32

 

Select Save Settings before logging out.

Have more questions? Submit a request

0 Comments

Article is closed for comments.