McAfee QUICKCLEAN 1.0 Uživatelská příručka

Product GuideRevision AMcAfee Enterprise Authentication 1.0.0

Deployment10McAfee Enterprise Authentication 1.0.0 Product Guide

2Deployment optionsEnterprise Authentication offers several options to meet your deployment needs.Contents Types of installations Web-based inte

• Failover — If one server fails, the other servers within the cluster automatically absorb theworkload.• High Availability — The ability for each ser

Multi-tenancyTenants represent businesses within an enterprise or companies that subscribe to cloud-based servicesthrough a Service Provider.In a mult

• Manage tokens• Manage PINs2Deployment optionsTenancy and administrator roles14McAfee Enterprise Authentication 1.0.0 Product Guide

3Deployment scenariosWhen creating your deployment plan, consider each Enterprise Authentication deployment scenarios.You can implement Enterprise Aut

Considerations• UPD ports configured on the Enterprise Authentication server and RADIUS client are identical.• The shared secrets configured on the En

How it worksFigure 3-2 Enterprise Authentication as the Identity ProviderNumber Description1 Users request access protected applications and are redi

3Deployment scenariosEnterprise Authentication as the Identity Provider18McAfee Enterprise Authentication 1.0.0 Product Guide

4Plan your deploymentBefore you install Enterprise Authentication, plan and prepare your network environment.Contents Requirements Authenticatio

COPYRIGHTCopyright © 2014 McAfee, Inc. Do not copy without permission.TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee

Table 4-1 Requirements (continued)Component RequirementUser data stores These user data stores are supported:• Active Directory (AD)• Lightweight Dir

Example: When using MFA to gain access to protected resources, users are authenticated using theirpassword and one-time password. Enterprise Authentic

• Identity theft — Since passwords are more prone to theft, certificates ensure that identityinformation is valid and secure.• Unauthorized access — W

Table 4-3 Environment structure (continued)Determine... VerifiedThat you have administrator rights on all servers you intend to useIf these minimum r

Table 4-5 Resources (continued)Determine... VerifiedIf you plan to send one-time passwords using the McAfee Message Gateway. If so, youmust have a:•

SetupInstall Enterprise Authentication on your computer and complete thepost-installation tasks.Chapter 5 InstallationChapter 6 Post-installation task

Setup26McAfee Enterprise Authentication 1.0.0 Product Guide

5InstallationTo complete the installation, download and install the Enterprise Authentication product files on yoursupported server-class operating sy

5InstallationInstall the product files28McAfee Enterprise Authentication 1.0.0 Product Guide

6Post-installation tasksTo ensure your network is prepared for authentication, complete the post-installation tasks.Contents Set up clusters Acc

ContentsPreface 5About this guide ... 5Audience ... 5Conventions ...

5Verify the cluster setup.aOn the administration interface, click the Cluster tab.bMove your cursor over the server and verify that the correct inform

Add tenantsTo add tenants that are hosted on the same Enterprise Authentication server, use the administrationinterface.Task1In the administration int

6Post-installation tasksAdd tenants32McAfee Enterprise Authentication 1.0.0 Product Guide

Configuration and useUse the Enterprise Authentication web-based components to configure yourauthentication options.Chapter 7 Processing authenticatio

Configuration and use34McAfee Enterprise Authentication 1.0.0 Product Guide

7Processing authentication requests withflowsWhen users request access to protected resources, Enterprise Authentication uses authentication flowsto s

The response of each processed action determines whether the user is granted access to the protectedresource.Both configuration options include these

eClick Add.fCheck and resolve any possible condition conflicts.7Click Next.Configure SAML Identity Provider flows using the guidedconfiguration toolUs

Create custom authentication flowsTo create custom authentication flows that meet your specific network needs, manually combineEnterprise Authenticati

Import tokensTo enable user token authentication, import tokens to Enterprise Authentication.Task1On the administration interface, click the Main tab,

Log on to the administration interface ... 30Change the built-in administrator account credentials ... 30Add tenants .

Table 7-2 Tenant mapping configuration options Option Task stepsBind listener to tenant1From the Tenant drop-down list, select the tenant.2Click OK.B

Connect Enterprise Authentication to data sourcesConnect Enterprise Authentication to the data sources where your user data is stored.Tasks• Add a con

cIf the LDAP directory server uses an SSL connection, select the SSL enabled checkbox.dIn the Port field, enter the LDAP directory server port.eIn the

6Add conditions.aClick Add.bIn the Attribute field, enter the attribute on which you want to build the condition.cSelect one of these operators:•must•

Table 7-5 Configurable action options (continued)Task StepsAdd listeners to the action.1Next to the action, click +.2Click Add listener response hand

8Assigning administrator permissionsAssign administrator permission sets to network users.Contents Assign system administrator permissions Confi

Configure Pledge Profile Service settingsTo enable users to use their Pledge software token, configure the Pledge Profile Service settings.Task1Click

See also Add a connection to the LDAP directory on page 41Add a connection to the Active Directory on page 42Configure SMTP settingsTo enable users to

8Assigning administrator permissionsAssign tenant administrator permissions48McAfee Enterprise Authentication 1.0.0 Product Guide

9Assisting users with Web ManagerTo assist users with their authentication settings, user administrators use the Web Manager interface.Contents Log

PrefaceThis guide provides the information you need to work with your McAfee product.Contents About this guide Find product documentationAbout t

Update user telephone numbersTo ensure that one-time passwords are delivered to the correct devices, keep the user telephonenumber current.Task1Double

Enable the Pledge Profile ServiceTo enable users to use Pledge, configure the Pledge Profile Service settings.Task1Double-click the user account.2Clic

Generate user PINsWhen enabled, generate PINs that are used for authentication.Task1Double-click the user account.2Click the PIN Code tab.3Click Gener

10MaintenanceMaintain the Enterprise Authentication software.Contents Uninstall the software Uninstall cluster installationsUninstall the softwa

10MaintenanceUninstall cluster installations54McAfee Enterprise Authentication 1.0.0 Product Guide

IndexAabout this guide 5actions 35active directory 22, 42administration interface 12administration interface, log on 30administrator accountbuilt-in 3

EEnterprise Authenticationabout 7how it works 7Ggrant number 27guided configurationradius authentication flow 36saml identity provider 37Hhardware mem

WWeb Managerlog on 49logon credentials 46permissions 13pin 52Pledge Profile Service 51reset user lockout 50Web Manager (continued)token search 49token

0-A00

Find product documentationAfter a product is released, information about the product is entered into the McAfee online KnowledgeCenter.Task1Go to the

1IntroductionProtect your enterprise network data and resources against unauthorized access by integratingMcAfee® Enterprise Authentication (Enterpris

• Remote Authentication Dial-In User Service (RADIUS)• Security Assertion Markup Language (SAML)• Hyper Text Transfer Protocol/Secure Sockets Layer (H

DeploymentBefore you deploy Enterprise Authentication on your network, consider youroptions and create your deployment plan.Chapter 2 Deployment optio