Prior to the installation of the DualShield MFA server, prepare the following items:
- A Windows or Linux server machine (virtual or real machine) with 8GM RAM, 4-core CPU, and 10GB free disk space
An FQDN for your DualShield MFA server consoles, e.g. mfa.acme.com
The DualShield server includes 4 web consoles
- Admin Console
- User Console
- Single Sign-On Console (mainly used for SAML SSSO)
- Deployment Console (for device and tokens)
If you do not plan to make your DualShield MFA server consoles accessible from the public network, then the FQDN can be an internal domain name. However, if you do plan to make one or some of your Dualshield server consoles accessible from the public network, then the FQDN must be an external domain name.
Note: You can change the FQDN later after the MFA server installation.
An SSL certificate for your DualShield MFA server consoles in a PFX file (a wildcard certificate is acceptable, e.g. *.acme.com)
If you need to purchase an SSL certificate from a certificate authority such as GoDaddy, you can use the Deepnet CSR tool
Note: You can ask the MFA server installer to generate and use a self-signed SSL certificate. You can also change the server certificate after the MFA server installation.
- An AD service account (domain user) to be used for the connection between your MFA server and AD server
- An AD group for MFA – only users in the MFA group will be MFA enabled
- (Optional) If you need to implement one of the following functions or features, then you need to configure your corporate firewall and open HTTP port 8074 and 8076, forward traffic to your DualShield MFA server
- Push Authentication
- Self-Services such as downloading MobileID tokens, activating DeviceID tokens, etc.
- SAML integration with external cloud services such as Office 465, SalesForce, Zoom, etc.
- Download the DualShield server software from https://support.deepnetsecurity.com, and save it on your DualShield MFA server machine
For more details, please check out the following articles: