Overview Of Multi-Factor Authentication (MFA) In SanerNow

Transcription

Overview of Multi-Factor Authentication (MFA) in SanerNow

MFA is one of the easiest, most effective ways to help prevent unauthorized account access. It is one of the most common methods of authentication security. MFA validates the user's identity conveniently and protects access. Being secure is not easy, yet MFA may be the simplest way for users to secure their access.

Usernames and passwords alone don't provide sufficient safeguards against unauthorized account access. MFA adds an extra layer of protection against threats and decreases the risk of poor password behaviour like password reuse. With MFA, users are prompted for an additional form of identification.

For those of you who are ready to bump up your security now, we have made it very easy for you to enable this highly recommended feature in SanerNow, which supports PingOne MFA, PingID MFA, Okta MFA and TOTP Authenticator App based MFA to provide additional secure access to your account.

SanerNow allows users to select MFA according to their preferences. Adding MFA to your account increases security and reduces the risk of data breaches.

PingOne, PingID and Okta provide organizations with a fast and easy way to deploy MFA for a wide range of use cases without draining IT resources. PingID supports a wide range of authentication methods. For PingOne, SanerNow currently supports SMS, Email, and the Authenticator app. For PingID, SanerNow supports SMS, Email, Desktop PingID application, PingID push notification in mobile, and the Authenticator app from PingID. Similarly for Okta, SanerNow supports SMS, Email, TOTP, Okta push notification in mobile, and the Authenticator app from Okta.

TOTP Authenticator App (Ex: Google Authenticator, Microsoft Authenticator, Authy etc.) provides an additional verification step to the user identity before granting the SanerNow account access. It is a free security application that can protect your account and is quick to set up. It generates a six-digit number, which changes every 30 seconds.

As one might have noticed from the above, at SecPod, we always think about making it happen in the easiest way possible but still leave that option for our customers to exercise some flexibility at their discretion. The above design considerations are met with MFA in SanerNow 5.2 and newer versions.

Configuring PingOne MFA Policy in SanerNow

The Environment ID, Client ID, and Authentication Path from your organization's PingOne account are required for configuring the PingOne MFA policy in SanerNow. Currently, SanerNow supports three authentication methods: SMS, Email, and the Authenticator app from PingOne.

Follow the below steps to configure PingOne MFA in SanerNow:

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: By default, All Organizations is selected from the drop-down on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Under Authentication, select the Multi-Factor option.
Step 4: After you select Multi-Factor, the Multi-Factor Authentication Policies page opens.

Note: By default, the Authenticator App MFA policy is available. Admin and Org Admin can create and customize PingOne, PingID or Okta MFA policies.

Step 5: To create a new PingOne MFA policy, click New Policy at the top right of the page.
Step 6: Enter the PingOne MFA policy details in the respective fields:

* MFA Provider: Select PingOne from the drop-down. By default, PingOne is selected as the MFA Provider.

* Policy Name: Enter the policy name. This should be a unique name to identify the policy within an organization.
* Description: Enter the policy details. This is an optional field.
* Environment ID: Enter the environment ID from your organization's PingOne account.
* Client ID: Enter the client ID from your organization's PingOne account.
* Authentication Path: Enter the authentication path from your organization's PingOne account.

Note: For details on how to get the environment ID, client ID, and authentication path from your organization's PingOne account, refer to the section below.

* PingOne Username: Select Login ID or Custom. Choose the option based on how the SanerNow and PingOne usernames map to each other.
  o Login ID: Select this option if your PingOne username and SanerNow login ID are identical. By default, this option is selected.
  o Custom: Select this option if your PingOne username and SanerNow login ID are different.

Note: If Custom is selected, there is no need to enter the PingOne username during policy creation. When you apply the created policy to a user, it requests a PingOne username. You can skip this step by clicking Skip, or you can enter the PingOne username and click Update.

Step 6: Click the Create button to configure the PingOne MFA policy.

How to get PingOne details from Organization PingOne account

The Environment ID, Client ID, and Authentication Path from your organization's PingOne account are required for configuring the PingOne MFA policy in SanerNow. Currently, SanerNow supports three authentication methods: SMS, Email, and the Authenticator app from PingOne.

Note: For ESSGRANTSBYSCOPES, the resource type should be OpenID and the scope should be profile. Response type "Code" must be selected, along with other fields (if necessary).

Environment ID: Unique identifier for the PingOne authentication.

* Log in to the PingOne account
* Go to the home page and select administrator
* Go to the environment section and get the Environment ID
* Enter the environment ID in the Multi-Factor Authentication policy window

Client ID:

* Go to the connections section

* PingOne by default offers three applications
* You can configure and publish a new application
* Client ID is obtained from the created application.
* Enter the client ID in the Multi-Factor Authentication policy window

Authentication Path:

* Go to the connections section
* Open the created application; a window opens
* Select Configuration from the toolbar and get the authorization URL (https://auth.pingone.asia), which is the authentication path
* Enter the authentication path in the Multi-Factor Authentication policy window

Note: The authorization URL changes based on the geographic region of your organization. Here are some other examples of authorization URLs:

* https://auth.pingone.ca (Canada)
* https://auth.pingone.eu (Europe)
* https://auth.pingone.asia (Asia Pacific)

Configuring PingID MFA Policy in SanerNow

The IDP URL, Org Alias, Base64Key and Token from your organization's PingID account are required for configuring the PingID MFA policy in SanerNow. Currently, SanerNow supports various authentication methods: SMS, Email, Desktop PingID application, PingID push notification in mobile, and the Authenticator app from PingID.

Follow the below steps to configure PingID MFA in SanerNow:

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: By default, All Organizations is selected from the drop-down on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.

Step 3: Under Authentication, select the Multi-Factor option.
Step 4: After you select Multi-Factor, the Multi-Factor Authentication Policies page opens.

Note: By default, the Authenticator App MFA policy is available. Admin and Org Admin can create and customize PingOne, PingID or Okta MFA policies.

Step 5: To create a new PingID MFA policy, click New Policy at the top right of the page.

Step 6: The PingOne MFA Policy details should be entered in the respective fields:

* MFA Provider: Select PingID from the drop-down.
* Policy Name: Enter the policy name. This should be a unique name to identify the policy within an organization.
* Description: Enter the policy details. This is an optional field.
* Idp URL: Enter the Idp URL from the PingID enterprise account.
* Org Alias: Enter the Org Alias information from your PingID enterprise account.
* Base64 Key: Enter the Base64Key from your PingID enterprise account.
* Token: Enter the token information from your PingID enterprise account.
* PingID Username: Select Login ID or Custom. Choose the option based on how the SanerNow and PingID usernames map to each other.
  o Login ID: Select this option if the PingID username and SanerNow login ID are identical. By default, this option is selected.
  o Custom: Select this option if the PingID username and SanerNow login ID are different.

Note: If Custom is selected, there is no need to enter the PingID username during policy creation. When you apply the created policy to a user, it requests a PingID username. You can skip this step by clicking Skip, or you can enter the PingID username and click Update.

Step 6: Click the Create button to configure the PingID MFA policy.

Note: Users need to enter valid inputs in each field. If invalid inputs are entered, the error message "Invalid Multi-Factor Authentication Input" is shown.

How to get PingID details from Organization PingID account

The IDP URL, Org Alias, Base64Key and Token from your organization's PingID account are required for configuring the PingID MFA policy in SanerNow.

* Log in to the PingID account
* Go to Setup
* Select Ping ID
* Under Ping ID settings, select Client Integration
* Click on the Download button to download the properties file
* Open the properties file; you will see all the necessary information (IDP URL, Org Alias, Base64Key and Token) from the PingID enterprise account.

Note: For PingID MFA policy creation, we can also import the PingID properties file using the "Import Properties File" option to fetch all the required policy details.

Configuring Okta MFA Policy in SanerNow

The IDP URL, Org Alias, Base64Key and Token from your organization's Okta account are required for configuring the Okta MFA policy in SanerNow. Currently, SanerNow supports various authentication methods: SMS, Email, TOTP, Okta push notification in mobile, and the Authenticator app from Okta.

Follow the below steps to configure Okta MFA in SanerNow:

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: By default, All Organizations is selected from the drop-down on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Under Authentication, select the Multi-Factor option.
Step 4: After you select Multi-Factor, the Multi-Factor Authentication Policies page opens.

Note: By default, the Authenticator App MFA policy is available. Admin and Org Admin can create and customize PingOne, PingID or Okta MFA policies.

Step 5: To create a new Okta MFA policy, click New Policy at the top right of the page.

Step 6: Enter the Okta MFA policy details in the respective fields:

* MFA Provider: Select Okta from the drop-down.
* Policy Name: Enter the policy name. This should be a unique name to identify the policy within an organization.
* Description: Enter the policy details. This is an optional field.
* Authentication Path: Enter the Authentication Path from the organization's Okta account.
* Client ID: Enter the client ID from the organization's Okta account.
* Private Key: Enter the Private Key from the organization's Okta account.
* Okta Username: Select Login ID or Custom. Choose the option based on how the SanerNow and Okta usernames map to each other.
  o Login ID: Select this option if the Okta username and SanerNow login ID are identical. By default, this option is selected.
  o Custom: Select this option if the Okta username and SanerNow login ID are different.

Note: If Custom is selected, there is no need to enter the Okta username during policy creation. When you apply the created policy to a user, it requests an Okta username. You can skip this step by clicking Skip, or you can enter the Okta username and click Update.

Step 6: Click the Create button to configure the Okta MFA policy.

Note: Users need to enter valid inputs in each field. If invalid inputs are entered, the error message "Invalid Multi-Factor Authentication Input" is shown.

How to get Okta details from Organization Okta account

The IDP URL, Org Alias, Base64Key and Token from your organization's Okta account are required for configuring the Okta MFA policy in SanerNow.

* Log in to the Okta account
* Go to Applications
* Click on Create App Integrations
* Select API services, click on Next
* Enter an App integration name of your choice and click on Save
* Click on the application created and copy the Client ID
* Scroll down; under "PUBLIC KEYS", click on add key and add a public key of the organization, and use the private key to create the MFA policy in SanerNow
* Click on Save
* Under the Okta API scope option in the application, grant access for the policy creation
* Select "Okta.user.manage" and click on Grant
* Assign the required users to this application
* Copy the authentication path from the User section info on the top right

How to apply MFA Policy to the New user

To add new users, complete the following steps:

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: All Organizations is selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Click the Users section in the Control Panel.

Step 4: Click New User on the top right corner of the Users page.
Step 5: Specify the Login Id, Name, Organization, and Password.
Step 6: Select the role of the user from the drop-down menu.
Step 7: Select the managing organizations from the drop-down menu.
Step 8: To assign an MFA policy to the user, select the created MFA policy from the drop-down.
Step 9: Click the Create button to apply the MFA policy to the new user.

How to apply MFA Policy to the existing user

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: All Organizations is selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Click the Users section in the Control Panel.
Step 4: Select the user to which MFA is to be applied and click on the lock symbol to activate MFA.
Step 5: Select the created MFA policy from the drop-down.

Step 6: Click the Create button to apply the MFA policy to an existing user.

SanerNow Login using MFA Policy

* Go to the SanerNow website https://saner.secpod.com/, enter the email address and password of your SanerNow account, and click LOGIN.
* A user enforced with an MFA policy is prompted with the MFA verification window.
* Enter the code that is sent to the Email or SMS or Authenticator App, which depends on the authentication method selected in your organization's MFA account, and click Verify to access your SanerNow account.
* With a successful entry of the security code, users gain access to SanerNow with added security.

Configuring Authenticator App MFA Policy in SanerNow

A. Enforce and Enable Authenticator MFA to user

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.

Step 2: The All Organizations option is selected from the drop-down by default in the Control Panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Select the organization and click the Users section in the Control Panel.
Step 4: Select the user to whom Authenticator App MFA should be applied and click on the lock symbol to enforce MFA.
Step 5: Select MFA policy as Authenticator from the drop-down.
Step 6: Click the Confirm button to configure the Authenticator App MFA policy for the user.
Step 7: After you log out of your SanerNow account, the configured Authenticator App MFA will be applied to you from the next login.

After configuring the Authenticator App MFA policy, follow these steps to log in to the SanerNow account:

Step 8: Log in to SanerNow using your account credentials.
Step 9: A user enforced with the Authenticator MFA policy is prompted with the Authenticator App verification window.

Step 10: Download the Authenticator app to your mobile device. Scan the QR image displayed on the verification window with your mobile device and enter the 6-digit code in the code box. Then click Enable to access your SanerNow account.
Step 11: From the next time you log in to your account, Authenticator App MFA will only display the "Code" field.
Step 12: In the code box, the user must enter the 6-digit code. A new code is generated every 30 seconds. Click Verify to access SanerNow.

B. Enable Authenticator App MFA yourself.

* After logging into SanerNow, you can edit your profile. Click on the user info that is present on the top right corner of the dashboard.
* On the user info page, you can enable or disable Multi-Factor Authentication.

* Turn on Multi-Factor Authentication to enable the Authenticator App MFA policy.
* Download the Authenticator app to your mobile device. Scan the QR image displayed on the screen with your mobile device and enter the 6-digit code in the code box.
* Then click Enable to enable Authenticator App MFA yourself.

To change/withdraw MFA Policy

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: All Organizations is selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Click the Users section in the Control Panel.

Step 4: If the user is enforced with an MFA policy, the lock icon in the Action column will be green in color.
Step 5: User can change or withdraw PingOne MFA Policy. Click the lock icon; the MFA dialogue box opens.
Step 6: To change the MFA policy, select the required MFA policy that you want to apply for the user from the drop-down and click Change.
Step 7: To withdraw the applied MFA policy, click Withdraw.

To Delete MFA Policy

Step 1: Log in to SanerNow and then click Control Panel at the top-right to access the Control Panel page.
Step 2: All Organizations is selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.
Step 3: Choose Multi-Factor Authentication, which is in the settings section on the control panel page.

Step 5: Select the multi-factor authentication policy that you would like to delete and click the delete icon in the Action column.
Step 6: Click on the Delete button to delete the PingOne MFA policy.

About SecPod, Inc.

SecPod is a leading provider of endpoint security and management solutions. SecPod (Security Podium, incarnated as SecPod) has created a revolutionary SanerNow platform and tools used by MSPs and enterprises worldwide. SecPod also licenses security technology to top security vendors through its SCAP Content Professional Feed.

303 Twin Dolphin Drive, 6th Floor, Redwood City, California 94065, USA.
To learn more about SecPod, visit: www.SecPod.com

Contact
Sales: info@secpod.com
Support: support@secpod.com
Phone: (+1) 918 625 3023 (US)
