Tuesday, July 5, 2016

Configuring Deepnet Security SafeID OATH Token with Microsoft Azure MFA Server

Related Blogs:

Configuring YubiKey / Yubico OATH Token with Microsoft Azure MFA Server - http://portal.sivarajan.com/2016/06/configuring-yubikey-yubico-oath-token.html

Azure MFA with pGina and Local Authentication - http://portal.sivarajan.com/2015/09/azure-mfa-with-pgina.html

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

Microsoft Azure MFA on-premises server supports a time based OATH (OATH – TOTP) third party tokens.  This is an alternative to using the Azure Authenticator Mobile App as an OATH token.  You can see other MFA authentication options in my Azure MFA Server–Authentication Types (Part I) and Azure MFA Server–Authentication Types (Part II) blogs.  The OATH tokens can be added or imported prior to being associated with a user.  Administrators can associate users and tokens in the Multi-Factor Authentication Server  or the User Portal.  Users can associate themselves with an OATH token during User Portal enrollment or using the OATH Token menu option when the User Portal is configured to provide this functionality.    A bulk token import and configuration is also supported by MFA Server .  An administrator can import OATH Token records from an input  file .  The secret keys must be in Base32 format

This blog provides step-by-step instructions in configuring Deepnet SafeID OATH token with Microsoft Azure MFA server.  I am using DeepNet Security's SafeID Classic model for this testing.  You can review different token models and details on their website.  

Requirements:

The following are the pre-requirements to complete this configuration. 

  1. Microsoft Azure MFA on-premises server
  2. Deepnet SafeID hardware
  3. Secret Key for your DeepNet SafeID.  You will receive an email with Secret Key after the purchase. 

Review the following Azure MFA Server Authentication Types  blog if you are not familiar with authentication configuration in Azure MFA Server:

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

Azure MFA Server – Configuration for third Party OATH

First step in this process is to add third party OATH Tokens in Azure MFA Server. You can either add these tokens individually or perform a bulk import using an input file. 

To add an OATH token,

  1. Logon to your MFA application server.  Open Multi-Factor Authentication Server UI and Select OATH Token icon.
  2. Click Add option from OATH Token window.
  3. image_thumb23
  4. Enter your Secret Key token Details
    1. Serial NumberRequired.  Enter the  serial number of your SafeID. This will be in the back of the Secret Keyas shown below or it will be the email you received from DeepNet. 
    2. image
    3. Secret KeyRequired. This is the Secret Key (Base32).  You have to receive this information from DeepNet.    You will receive an email from Deepnet with Secret Key after the purchase
    4. Manufacturer Optional.  Enter DeepNet Security as the manufacturer.
    5. ModelOptional.  Enter SafeID as model type. 
    6. Start dateOptional
    7. Expiration dateOptional
    8. Time intervalRequired. Select 60 seconds. 
    9. Username:  Associate a user with this OATH token.  You can manually enter the username or Select User option to identify a user. 
    10. image
    11. Click OK to complete.  The Synchronize OATH Token dialog will prompt for the current OATH code to synchronize the OATH token and verify the configuration.
    12. image
    13. Enter the current code from DeepNet SafeID from the Synchronize OATH Token window to complete token configuration in MFA Server.  Click OK
    14. image

Note1: MFA server validates the OATH code against the OATH token secret key and synchronizes the OATH token's time if they are valid.  If there are not valid, you will see the following error message:

image_thumb38

Note2: Azure Multi-Factor Authentication Server supports bulk import of token records by using an input CSV file.   The file must be in a supported format and may be partially or fully encrypted with a password. 

Sample Input File

To perform a bulk import,

image

Note3: you may receive the following error message when you click on Import button. There is an update/hotfix for this issue. 

Unhandled exception has occurred in your application.  If you click Continue, the application will ignore this error and attempt to continue.  If you click Quit, the application will close immediately. 

Could not load file or assembly ‘PfPskcClr, Version=0.0.0.0, Culture=neutral, PublicKey Token=null’ or one of its dependencies.  A strongly-named assembly is required.  (Exception from HRRESULT:0X8013100)

image

Azure MFA Server – End User Validation Using DeepNet SafeID OATH Token

The final step in this process is to validate the DeepNet SafeID configuration and authentication experience from an end user perspective. 

To configure OATH token as the authentication type for an end user:

  1. From Multi-Factor Authentication Server UI, Select Users icon
  2. From right pane, open the user properties by double clicking the user object.
  3. This will open User Properties / Edit User  window as shown below.  Make sure that the OATH Token is selected as the authentication type for this test user. 
  4. image
  5. To validate this configuration, select out test user object and from the bottom of the window, select Test option.  
  6. image
  7. User will be prompted for first /primary authentication using a user name and password. Enter the User name and Password for the user, then click Test
  8. image
  9. Then it will prompt you for the secondary authentication.  In this scenario, it the OATH Code.image_thumb52
  10. Get the current OATH code from your DeepNet SafeID. 
  11. image
  12. Enter the current code in the OATH Code window in the MFA application .  Click OK
  13. image
  14. You will see the authentication status/result as shown below: 
  15. image_thumb49

Related Blogs:

Configuring YubiKey / Yubico OATH Token with Microsoft Azure MFA Server - http://portal.sivarajan.com/2016/06/configuring-yubikey-yubico-oath-token.html

Azure MFA with pGina and Local Authentication - http://portal.sivarajan.com/2015/09/azure-mfa-with-pgina.html

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

5 comments:

This is exceptionally advantageous when you need to make a more definite investigation of this particular theme furthermore I might want to value all your exertion with the readers. Much appreciated. Like wise custom essay writing service is also a good source for the students to solve essay writing related doubts.

Everyone loves the look and feel of a clean home. Thanks for choosing this topic for post and update me. Game Stick RPG 2 looks like your real life, you can get everything you want, game Douchebag workout 2 is to renew him, so that he can hook up with the sexy girl appearing in the introduction, return man 3 saves your progress, with Potty Racers do you want to fly to Mars with me?


I enjoyed over read your blog post. Your blog have nice information, I got good ideas from this amazing blog. I am always searching like this type blog post. I hope I will see again.

* super mario world
* madalin stunt cars 2
* slope

This is a brilliant stuff and you have explained each part in a good manner with the help of diagrams and screenshots. Admission essay writing service

You have explained the technical aspects in a good manner. This blog offers intense detailing of the topic. UK dissertation writing service

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More