Adding On-Premises Password Server

Note: This configuration requires you to have an AuthAnvil On-Premises Password Server v2.8 - newer installed before you begin.
If you do not have an AAoP subscription please contact IAM.sales@kaseya.com 

To add the On-Premises Password Server application to your On-Demand tenant launchpad please follow these steps.


Configuring your On-Demand tenant

Log into your On-Demand tenant

 

  1. Select Directory Manager.
  2. Select Groups.
    Select the green plus sign in the bottom right corner.

    Name the Group Password Server Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
    Select ADD GROUP.
  3. Select SSO Manager.
  4. Select the green plus sign in the bottom right corner.
  5. Select Password Server
  6. Select Application is Enabled.

    Choose the desired Authentication Policy.
  7. Select Protocol.

    Update the Assertion Consumer Service URL to reflect your On-Premises FQDN.
  8. Select Advanced Settings.
  9. Under Signing Algorithm
    Select SHA256
    Note:
    If you installed Password Server v2.8 before Mar. 4th 2017 please apply this Hotfix before you attempt to use this integration.
  10. Select Add Application.
  11. Select Permissions.
    You will need to grant the application access to your desired user group.
  12. Select Signing and Encryption.
  13. Select Download Certificate

    Note: You will need this certificate to configure the Password Server.
  14. Select Save Changes.

 

Allowing your On-Demand tenant access to your Premises Password Server

  1. Log into your On-Premises Password Server.
  2. Select Admin > General Settings
  3. Select AuthAnvil Two Factor Auth Settings.
  4. Set the AuthAnvil SAS URL: https://(Your On-Demand Tenant)AuthAnvil/SAS.asmx
  5. Set the Site ID as 1
  6. Select Single Sign-On Settings
  7. Select Enable Single Sign On box.
  8. Fill in the following information for your AuthAnvil SSO server:
    Issuer: https://(Your On-Demand Tenant)/AuthAnvil/SSO/Trust/site1
    Identity Provider Login URL: https://(Your On-Demand Tenant)/SSO/logon.aspx
    Identity Provider Logout URL: https://(Your On-Demand Tenant)/SSO/authorizedapps.aspx
  9. Select Import New SSO Certificate and upload the certificate you downloaded from your On-Demand Tenant.
  10. Select Save Changes.

 

Verifying Functionality

Once the configuration is complete, you should test that everything is working as expected.

  1. Log out of all existing AuthAnvil Password Server sessions before logging in.
  2. Log into your On-Demand tenant Launchpad.
  3. Select Password Server. You should now be logged into the On-Premises Password Server.
Have more questions? Submit a request

0 Comments

Article is closed for comments.