Product Guide, Revision A
McAfee Enterprise Authentication 1.0.0
2 Deployment options
Enterprise Authentication offers several options to meet your deployment needs.
Contents
Types of installations
Web-based inte
• Failover — If one server fails, the other servers within the cluster automatically absorb the workload.
• High Availability — The ability for each ser
Multi-tenancy
Tenants represent businesses within an enterprise or companies that subscribe to cloud-based services through a Service Provider.
In a mult
• Manage tokens
• Manage PINs
3 Deployment scenarios
When creating your deployment plan, consider each Enterprise Authentication deployment scenario.
You can implement Enterprise Aut
Considerations
• UDP ports configured on the Enterprise Authentication server and RADIUS client are identical.
• The shared secrets configured on the En
How it works
Figure 3-2 Enterprise Authentication as the Identity Provider
Number  Description
1  Users request access to protected applications and are redi
4 Plan your deployment
Before you install Enterprise Authentication, plan and prepare your network environment.
Contents
Requirements
Authenticatio
COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee
Table 4-1 Requirements (continued)
Component  Requirement
User data stores  These user data stores are supported:
• Active Directory (AD)
• Lightweight Dir
Example: When using MFA to gain access to protected resources, users are authenticated using their password and one-time password. Enterprise Authentic
• Identity theft — Since passwords are more prone to theft, certificates ensure that identity information is valid and secure.
• Unauthorized access — W
Table 4-3 Environment structure (continued)
Determine...  Verified
That you have administrator rights on all servers you intend to use
If these minimum r
Table 4-5 Resources (continued)
Determine...  Verified
If you plan to send one-time passwords using the McAfee Message Gateway. If so, you must have a:
•
Setup
Install Enterprise Authentication on your computer and complete the post-installation tasks.
Chapter 5 Installation
Chapter 6 Post-installation task
5 Installation
To complete the installation, download and install the Enterprise Authentication product files on your supported server-class operating sy
6 Post-installation tasks
To ensure your network is prepared for authentication, complete the post-installation tasks.
Contents
Set up clusters
Acc
Contents
Preface
About this guide
Audience
Conventions
5 Verify the cluster setup.
a On the administration interface, click the Cluster tab.
b Move your cursor over the server and verify that the correct inform
Add tenants
To add tenants that are hosted on the same Enterprise Authentication server, use the administration interface.
Task
1 In the administration int
Configuration and use
Use the Enterprise Authentication web-based components to configure your authentication options.
Chapter 7 Processing authenticatio
7 Processing authentication requests with flows
When users request access to protected resources, Enterprise Authentication uses authentication flows to s
The response of each processed action determines whether the user is granted access to the protected resource.
Both configuration options include these
e Click Add.
f Check and resolve any possible condition conflicts.
7 Click Next.
Configure SAML Identity Provider flows using the guided configuration tool
Us
Create custom authentication flows
To create custom authentication flows that meet your specific network needs, manually combine Enterprise Authenticati
Import tokens
To enable user token authentication, import tokens to Enterprise Authentication.
Task
1 On the administration interface, click the Main tab,
Log on to the administration interface
Change the built-in administrator account credentials
Add tenants
Table 7-2 Tenant mapping configuration options
Option  Task steps
Bind listener to tenant
1 From the Tenant drop-down list, select the tenant.
2 Click OK.
B
Connect Enterprise Authentication to data sources
Connect Enterprise Authentication to the data sources where your user data is stored.
Tasks
• Add a con
c If the LDAP directory server uses an SSL connection, select the SSL enabled checkbox.
d In the Port field, enter the LDAP directory server port.
e In the
6 Add conditions.
a Click Add.
b In the Attribute field, enter the attribute on which you want to build the condition.
c Select one of these operators:
• must
•
Table 7-5 Configurable action options (continued)
Task  Steps
Add listeners to the action.
1 Next to the action, click +.
2 Click Add listener response hand
8 Assigning administrator permissions
Assign administrator permission sets to network users.
Contents
Assign system administrator permissions
Confi
Configure Pledge Profile Service settings
To enable users to use their Pledge software token, configure the Pledge Profile Service settings.
Task
1 Click
See also
Add a connection to the LDAP directory on page 41
Add a connection to the Active Directory on page 42
Configure SMTP settings
To enable users to
9 Assisting users with Web Manager
To assist users with their authentication settings, user administrators use the Web Manager interface.
Contents
Log
Preface
This guide provides the information you need to work with your McAfee product.
Contents
About this guide
Find product documentation
About t
Update user telephone numbers
To ensure that one-time passwords are delivered to the correct devices, keep the user telephone number current.
Task
1 Double
Enable the Pledge Profile Service
To enable users to use Pledge, configure the Pledge Profile Service settings.
Task
1 Double-click the user account.
2 Clic
Generate user PINs
When enabled, generate PINs that are used for authentication.
Task
1 Double-click the user account.
2 Click the PIN Code tab.
3 Click Gener
10 Maintenance
Maintain the Enterprise Authentication software.
Contents
Uninstall the software
Uninstall cluster installations
Uninstall the softwa
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge Center.
Task
1 Go to the
1 Introduction
Protect your enterprise network data and resources against unauthorized access by integrating McAfee® Enterprise Authentication (Enterpris
• Remote Authentication Dial-In User Service (RADIUS)
• Security Assertion Markup Language (SAML)
• Hyper Text Transfer Protocol/Secure Sockets Layer (H
Deployment
Before you deploy Enterprise Authentication on your network, consider your options and create your deployment plan.
Chapter 2 Deployment optio