Versions Compared

Old Version 15

changes.mady.by.user Adam Darwin

Saved on

compared with

New Version Current

changes.mady.by.user Adam Darwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prior to the installation of the Before you install the DualShield MFA serversystem, you must prepare the following items:

...

your environment and plan for choices that you will make during the installation process.

To prepare for installation:

1. A Windows or Linux server machine (virtual or real machine) with 8GM RAM, 4-core CPU, and 10GB free disk space 

Expand
titleHardware and Software Specification for DualShield Server...

Include Page
Hardware and Software Specification for DualShield Server
Hardware and Software Specification for DualShield Server


2. An FQDN for your DualShield MFA server consoles, e.g. mfa.acme.com

Info

The DualShield server includes 4 web consoles

  • Admin Console
  • User Console
  • Single Sign-On Console (mainly used for SAML SSSO)
  • Deployment Console (for device and tokens)

If you do not plan to make your DualShield MFA server consoles accessible from the public network, then the FQDN can be an internal domain name. However, if you do plan to make one or some of your Dualshield server consoles accessible from the public network, then the FQDN must be an external domain name.

Note: You can change the FQDN later after the MFA server installation.

Expand
titleFQDN for DualShield Consoles....

Include Page
FQDN for DualShield Consoles
FQDN for DualShield Consoles


3. An SSL certificate for your DualShield MFA server consoles in a PFX file (a wildcard certificate is acceptable, e.g. *.acme.com)

...

If you need to purchase an SSL certificate from a certificate authority such as GoDaddy, you can use the Deepnet CSR tool

...

Note: You can ask the MFA server installer to generate and use a self-signed SSL certificate. You can also change the server certificate after the MFA server installation.

Expand
titleSSL Certificate for DualShield Consoles....

Include Page
SSL Certificate for DualShield Consoles
SSL Certificate for DualShield Consoles


4. An AD service account

...

for the connection between your MFA server and AD server. For a quick start, you can use an existing domain admin or domain user account. Or, you can create a new service account with the appropriate privileges

Expand
titleAD service account for DualShield access...

Include Page
Active Directory service account for DualShield access
Active Directory service account for DualShield access


5. (Optional) An AD user group for MFA

...

  1. Push Authentication
  2. Self-Services such as downloading MobileID tokens, activating DeviceID tokens, etc. 
  3. SAML integration with external cloud services such as Office 465, SalesForce, Zoom, etc.

enforcement

Expand
titleAD User Group for MFA Enforcement...

Include Page
Active Directory User Group for MFA Enforcement
Active Directory User Group for MFA Enforcement


6. (Optional) An SQL service account

Expand
titleSQL service account for DualShield access...

Include Page
SQL service account for DualShield access
SQL service account for DualShield access


7. (Optional) Configure corporate firewall

Expand
titleFirewall ports for DualShield MFA...

Include Page
Firewall ports for DualShield MFA
Firewall ports for DualShield MFA


8. Download the DualShield server software

...

, and save it on your DualShield MFA server machine

...

For more details, please check out the following articles:

...

Expand
titleDualShield software download...

Include Page
DualShield software download
DualShield software download