Duo Security LDAP Authentication Integration Guide

Duo Security Integration Overview

This document describes how to integrate WatchGuard Mobile VPN with SSL client software download access and Mobile VPN with SSL client authentication with the Duo Security® two-factor authentication solution. You must install a local Duo Proxy service on a device within your network. The Duo Proxy receives incoming LDAP requests from your Firebox, contacts your existing local LDAP/AD server to perform primary authentication, and contacts the Duo cloud service for secondary authentication.

This diagram shows the test topology for this integration.

The hardware and software used in this guide include:

- Duo Security Authentication Proxy 5.6.1 on Windows.
- Windows Server 2016 with Active Directory Domain Services.
- Duo Mobile Application 4.15.0.43.1 on iOS.

To complete this integration, you must have:

Use the Duo account to log in to the Duo Service to manage applications, enroll users, and get integration keys.

The Duo Authentication Proxy acts as a bridge: it communicates with Active Directory, Duo Security service in the cloud, WatchGuard Firebox, and Duo mobile app. Active Directory is used for primary user authentication. In our configuration, Duo Security Authentication Proxy and Active Directory are located on the same subnet.

You must configure the LDAP authentication settings and enable Mobile VPN with SSL on your Firebox.

- From the Authentication Servers list, select LDAP.
- Select the Enable LDAP Server check box.
- From the IP Address/DNS Name drop-down list, select IP Address.
- In the text box adjacent to IP Address/DNS Name, type the Duo Security Authentication Proxy IP address.
- In the Search Base text box, type the search base settings in standard format: dc=first part of distinguished server name, dc=any part of the distinguished server name that appears after the dot.
- In the DN of Searching User text box, type the distinguished name (DN) for a search operation. For example: cn=Administrator,cn=Users,dc=example,dc=com.
- In the Password of Searching User text box, type the password associated with the distinguished name for a search operation.
- From the Login Attribute drop-down list, select an LDAP login attribute to use for authentication.
- Keep all other settings as the default values.
- In the SSL section, click Manually Configure.
- Select the Activate Mobile VPN with SSL check box.
- In the General section, for the Primary text box, type the public IP address (external IP address) or domain name of the Firebox. This is the IP address or domain name that Mobile VPN with SSL clients connect to by default.
- From the Authentication Server drop-down list, select the authentication server you created.
- In the Authentication Server list, select your authentication server and click Move Up to move it to the top of the list (this makes it the default authentication server). Mobile VPN with SSL uses the default authentication server unless a user specifies an authentication server in the Username text box on the Mobile VPN with SSL client.
- In the Users and Groups section, from the Create new drop-down list, select the authentication server you created.
- From the adjacent drop-down list, select Group. The Add User or Group dialog box appears.
- In the Name text box, type a name for the group. The name of this group must be the same as the name of the Active Directory group your users belong to.
- From the Authentication Server drop-down list, select your authentication server.

- Log in to the Duo Admin Panel and select Applications.
- Select Protect an Application and find LDAP Proxy in the application list.
- Select Protect to get the values of the Integration key, Secret key, and API hostname.

Organizations with an existing on-premises Microsoft Active Directory domain can import users, phones, and groups into Duo with directory synchronization. For detailed instructions about how to sync users from Active Directory, see Synchronizing Users from Active Directory.

Configure the Duo Security Authentication Proxy for Primary Authentication

The Duo Security Authentication Proxy validates the user password. In our integration, you must configure the Proxy to communicate with the Active Directory. To configure the Proxy, add an section at the beginning of the file that includes the properties described in this list.

- The hostname or IP address of your domain controller.
- The user name of a domain account that has permission to bind to your directory and perform searches.
- The password corresponding to service_account_username.
- The LDAP distinguished name (DN) of an Active Directory container or organizational unit (OU) that contains all of the users you want to permit to log in.

Search_dn=DC=example,DC=com

Configure the Duo Security Authentication Proxy to Work with the Firebox