Google Workspace LDAP Synchronization with AuthPoint

Deployment Overview

This document describes how to sync users from Google Workspace to AuthPoint. To sync users from Google Workspace, you must add an LDAP external identity in AuthPoint and create one or more queries. In AuthPoint, LDAP external identities represent external user databases. They connect to user databases to get user account information and validate passwords. The queries you add to an external identity specify which users to sync from. They pull user information and create AuthPoint user accounts for the users that are found.

Topology

Before you begin these procedures, make sure that:
End-users can log in to Google Workspace.
A token is assigned to a user in AuthPoint.

Log in to Google Workspace as an administrator.
From the navigation menu, select Apps > LDAP.
Enter a name and description for this LDAP client. In our example, we name the LDAP client AuthPoint.
Specify the access permissions for the LDAP client.
You need this certificate to complete the steps in the next section.
The Access credentials screen appears with the generated credentials.
Record the generated credentials (user name and password).
Navigate back to the LDAP client settings page.
Verify that the status of your LDAP client is on.

For example, on Ubuntu you would type this command:
Copy the Google Workspace certificate that you downloaded in the previous section to the stunnel folder (/etc/stunnel).
Create a configuration file /etc/stunnel/nf with these contents (ldap-client.crt is the certificate and ldap-client.key is the key):
To enable stunnel, edit /etc/default/stunnel4 and set ENABLED=1.
If stunnel does not run, use this command to reload the stunnel configuration file:
$ sudo stunnel nf

Configure AuthPoint

Before you can sync your users to AuthPoint, you must:
(Recommended) Configure authentication policies. Authentication policies specify which resources users can authenticate to and which authentication methods they can use (Push, QR code, and OTP).

You must have at least one user group in AuthPoint to configure MFA. If you already have a group, you do not have to add another group.
From the navigation menu, select Groups.
In the Name text box, type a descriptive name for the group.
(Optional) In the Description text box, type a description of the group.

Add an Authentication Policy to AuthPoint

Authentication policies specify which resources users can authenticate to and which authentication methods they can use (Push, QR code, and OTP). We recommend that you configure authentication policies for your resources before you sync users from your external database to AuthPoint. If you already have authentication policies, you do not have to create a new authentication policy. You can add this resource to your existing authentication policies. Users that do not have an authentication policy for a specific resource cannot authenticate to log in to that resource.

From the navigation menu, select Authentication Policies.
From the Select the authentication options drop-down list, select Authentication options and select which authentication options users can choose from when they authenticate. For example, if you select OTP and Push, users can choose to type their OTP or approve a push to authenticate. For SAML resources, if you select more than one authentication option, users must select one of the available options when they authenticate.
Select which groups this policy applies to. To configure this policy to apply to all groups, select All Groups.
Select which resources this policy applies to. To configure this policy to apply to all resources, select All Resources.
(Optional) If you have configured policy objects such as a Network Location, select which policy objects apply to this policy. When you add a policy object to a policy, the policy only applies to user authentications that match the conditions of the policy objects. For example, if you add a Network Location to a policy, the policy only applies to user authentications that come from that Network Location.