External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy



Similar documents
Microsoft Outlook Web Access 2013 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Access Gateway Advanced Edition

Microsoft Office365 with Active Directory Federated Services (ADFS) Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

External Authentication with Windows 2008 Server with Routing and Remote Access Service Authenticating Users Using SecurAccess Server by SecurEnvoy

Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy

SSH to Ubuntu Server Authenticating Users Using SecurAccess Server by SecurEnvoy

SecurEnvoy IIS Web Agent. Version 7.2

Compiled By: Chris Presland v th September. Revision History Phil Underwood v1.1

External Authentication with Netscreen 25 Remote VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

SecurEnvoy Windows Login Agent

External Authentication with Cisco Router with VPN and Cisco EZVpn client Authenticating Users Using SecurAccess Server by SecurEnvoy

Defender Token Deployment System Quick Start Guide

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

SecurEnvoy Security Server Installation Guide

Establishing two-factor authentication with Check Point and HOTPin authentication server from Celestix Networks

Multi-factor Authentication using Radius

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

HOTPin Integration Guide: DirectAccess

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Hosted Microsoft Exchange Client Setup & Guide Book

Active Directory integration with CloudByte ElastiStor

Step by step guide to implement SMS authentication to Cisco ASA Clientless SSL VPN and Cisco VPN

Authentication Node Configuration. WatchGuard XTM

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Immotec Systems, Inc. SQL Server 2005 Installation Document

Agent Configuration Guide

1 Summary. Step by Step Guide to implement SMS authentication to Bluecoat ProxySG

Hosted Microsoft Exchange Client Setup & Guide Book

QUANTIFY INSTALLATION GUIDE

NSi Mobile Installation Guide. Version 6.2

Defender EAP Agent Installation and Configuration Guide

SecurEnvoy Security Server Administration Guide

BlackShield ID Best Practice

SafeWord Domain Login Agent Step-by-Step Guide

INSTALLATION INSTRUCTIONS FOR UKSSOGATEWAY

Cloud Services ADM. Agent Deployment Guide

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

Note that if at any time during the setup process you are asked to login, click either Cancel or Work Offline depending upon the prompt.

BlackShield ID Agent for Remote Web Workplace

Two-Factor Authentication

Important Notes for WinConnect Server ES Software Installation:

2X ApplicationServer & LoadBalancer Manual

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

How to Setup PPTP VPN Between a Windows PPTP Client and the DIR-130.

WhatsUp Gold v16.3 Installation and Configuration Guide

Access to Webmail services via a Non Trust Computer

RSA Authentication Manager 7.1 Basic Exercises

WhatsUp Gold v16.1 Installation and Configuration Guide

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Strong Authentication for Microsoft TS Web / RD Web

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

WHITE PAPER Citrix Secure Gateway Startup Guide

Configuring Global Protect SSL VPN with a user-defined port

IIS, FTP Server and Windows

Coillte IT has recently upgraded the Remote Access Solution to a new platform.

How To Connect A Gemalto To A Germanto Server To A Joniper Ssl Vpn On A Pb.Net 2.Net (Net 2) On A Gmaalto.Com Web Server

Deploying RSA ClearTrust with the FirePass controller

Active Directory Management. Agent Deployment Guide

Configuring the Palo Alto Firewall for use with Juniper Steel-Belted RADIUS.

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Remote Access with Outlook 2003 Using RPC over HTTPS

NeoMail Guide. Neotel (Pty) Ltd

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

Quick Scan Features Setup Guide

Re-associating.ica file extension on Vista/Windows 7 machines

FTP, IIS, and Firewall Reference and Troubleshooting

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

McAfee One Time Password

Web Deployment on Windows 2012 Server. Updated: August 28, 2013

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Delegated Administration Quick Start

Important Notes for WinConnect Server VS Software Installation:

Test Case 3 Active Directory Integration

DualShield. for. Microsoft TMG. Implementation Guide. (Version 5.2) Copyright 2011 Deepnet Security Limited

Publish Cisco VXC Manager GUI as Microsoft RDS Remote App

INSTALL AND CONFIGURATION GUIDE. Atlas 5.1 for Microsoft Dynamics AX

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Preparing for GO!Enterprise MDM On-Demand Service

Enable VPN PPTP Server Function

Click Studios. Passwordstate. Installation Instructions

Using RD Gateway with Azure Multifactor Authentication

Transcription:

External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading RG7 4AB Tony Davis tdavis@securenvoy.com

Windows 2012 R2 Server with Remote Desktop Web Gateway Integration Guide This document describes how to integrate a Windows 2012 R2 Remote Desktop Web (RDWeb) Gateway installed with SecurEnvoy two-factor Authentication solution called SecurAccess. Microsoft Windows 2012 R2 Remote Desktop provides Web based Secure Application Access to the internal corporate network. Connections to Remote Desktop must be made from a browser and not directly from a terminal server client. Note This document relates only to RDWeb access. If you want to authenticate Remote Desktop Client connections as well you will need to install Windows Login Agent on the Terminal Server hosts instead of this solution: see http://www.securenvoy.com/integrationguides/windows%20login%20agent.pdf SecurAccess provides two-factor, strong authentication for remote Access solutions (such as Microsoft), without the complication of deploying hardware tokens or smartcards. Two-Factor authentication is provided by the use of (your PIN and your Phone to receive the one time passcode). SecurAccess is designed as an easy to deploy and use technology. It integrates directly into Microsoft s Active Directory and negates the need for additional User Security databases. SecurAccess authentication server is directly integrated with LDAP or Active Directory in real time. SecurEnvoy Security Server can be configured in such a way that it can use the existing Microsoft password. Utilising the Windows password as the PIN, allows the User to enter their UserID, Windows password and One Time Passcode received upon their mobile phone. This authentication request is passed via the SecurEnvoy Microsoft Server Agent via the HTTP protocol (authentication packet is encrypted by AES 128bit) to the SecurEnvoy server where it carries out a Two-Factor authentication. It provides a seemless login into the Windows 2012 R2 Remote Desktop environment by entering three pieces of information. SecurEnvoy utilises a web GUI for configuration, whereas the Microsoft Windows Server environment uses a GUI application. All notes within this integration guide refer to this type of approach. The equipment used for the integration process is listed below: Microsoft Windows Server 2012 R2 Installed roles: Remote Desktop Services SecurEnvoy SecurAccess Server software release v7.2.504 Microsoft Server Agent V7.2 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 2 Page 2

Index 1.0 Prerequisites... 3 1.1 Configure the Microsoft Server Agent... 4 1.2 Configure the Microsoft Server Agent for the Default website (optional)... 5 1.3 Configure the Microsoft Server Agent for RDWeb (optional)... 6 2.0 Configure logout URL (optional)... 7 2.1 Configure RDWeb Access Template (optional)... 7 3.0 Test the Two Factor Authentication... 8 4.0 Notes... 10 1.0 Prerequisites It is assumed that Remote Desktop Services and is authenticating with a username and password. Securenvoy Security Server has been installed with the Radius service and has a suitable account that has read and writes privileges to the Active Directory. If firewalls are between the SecurEnvoy Security server, Active Directory servers, and Remote Desktop Services, additional open ports will be required. Microsoft Server Agent has been installed as per the SecurEnvoy Microsoft Server Agent Installation and Admin Guide: https://www.securenvoy.com/integrationguides/iis%20agent%20installation%20guide.pdf Note You must use SecurEnvoy Microsoft Server Agent 7.2 or higher You must use SecurEnvoy Security Server version 7.2.504 or higher You Must use Remote Desktop Client 8.1 or higher The following table shows what token types are supported. Token Type Supported Real Time SMS or Email Preload SMS or Email Soft Token Code Soft Token Next Code Voice Call One Swipe 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 3 Page 3

1.1 Configure the Microsoft Server Agent Select the SecurEnvoy Servers tab. Configure your SecurEnvoy Server 1 IP address and Shared Secret. Once complete, press the Test Server 1. If result returns OK, click update. Select the RDWeb & RDGateway tab. For RD Gateway protection from a direct connection, check the check box for Enable 2FA Protection RD Web Access protection, check the check box for Enable 2FA Protection on Default Web Site / RDWeb. To enable RDP file signing, check the check box for Sign RDP Files and select the certificate assigned to your RD Gateway. Enter your Default NetBios Domain Name 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 4 Page 4

1.2 Configure the Microsoft Server Agent for the Default website (optional) Note This section of the guide is for manual configuration of the RD Web Access and is not required, if you have used the Microsoft Server agent in section 1.1. Launch the IIS management interface, either from Start, Administration Tools or from the Server Manager Expand the sites list on the navigation pane and select Default Web Site, then scroll down the centre panel and press the SecurEnvoy Two Factor icon. Enable the tick box to Enable Authentication On Site Default Web Site Click Apply when complete. 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 5 Page 5

1.3 Configure the Microsoft Server Agent for RDWeb (optional) Select the virtual web site you want to protect. For RDWeb select RDWeb, scroll down the centre panel and select SecurEnvoy Two Factor Select the tick box Enable Authentication On /RDWeb Select Form Based Authentication (The Default) Click Apply to finish Cancel restart IIS when prompted. Note The virtual directory SecurEnvoyAuth is automatically set to the application pool RDWebAccess. This must be maintained for correct operation. 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 6 Page 6

2.0 Configure logout URL (optional) In the Navigation pane, select top level host name (the 2nd line down). Scroll down the centre panel and press the SecurEnvoy Two Factor icon. Setup your required inactivity timeout. Add the logout URL logoff.aspx Restart IIS when prompted. 2.1 Configure RDWeb Access Template (optional) Copy the contents of RDWeb2012R2 (C:\Program Files (x86)\securenvoy\ Microsoft Server Agent \SAMPLES) to WEBAUTHTEMPLATE (C:\Program Files (x86)\securenvoy\ Microsoft Server Agent), backing up existing files. 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 7 Page 7

3.0 Test the Two Factor Authentication Test the Two Factor Web authentication by opening a browser and going to the URL for the Web server i.e. https://your_server_name/rdwe b (Don t forget the https) User logon screen is shown. Enter your UsedID and Password: User is then presented with their two factor authentication type: Pre load, Realtime and Soft tokens: VOICE tokens: One Swipe: 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 8 Page 8

User authenticates successfully and is presented with RDWeb 2012 R2: Note Configure your domain name within seiis.ini (C:\Windows): # Default Domain Name to use if no domain information is included in this UserID (leave blank if not required) DefaultDomain= yourdomain This will allow your users to logon to OWA without specifying the domain name: domain\userid 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 9 Page 9

4.0 Notes 2014 SecurEnvoy Ltd. All rights reserved Confidential Page 10 Page 10