Multifactor Authentication Installation and …...Install 7-Zip file archiver tool on server machine...

Multifactor Authentication Installation and Configuration Guide Software Version 5.0.0.0

General Information: [email protected] Online Support: [email protected]

mailto:[email protected]


Copyright 2017 CionSystems Inc., All Rights Reserved 1 | P a g e

© 2017 CionSystems Inc. ALL RIGHTS RESERVED.

This guide may not be reproduced or transmitted in part or in whole by any means, electronic or

mechanical, including photo copying and recording for any purpose other than the purchaser's use

under the licensing agreement, without the written permission of CionSystems Inc.

The software application in this guide is provided under a software license (EULA) or non-disclosure

agreement. This product may only be used in accordance with the terms of the applicable licensing

agreement.

This guide contains proprietary information protected by copyright. For questions regarding the use of

this material and product, contact us at:

CionSystems Inc.

6640 185th Ave NE

Redmond, WA-98052, USA

http://www.CionSystems.com

Phone: +1.425.605.5325

Trademarks

CionSystems, CionSystems Inc., the CionSystems Inc. logo, CionSystems Enterprise Self-Service and two

factor authentication are trademarks of CionSystems. Other trademarks and registered trademarks used

in this guide are property of their respective owners.

http://www.cionsystems.com/


Table of Contents

Introduction .................................................................................................................................................. 3

Prerequisites ............................................................................................................................................. 3

System Requirements ............................................................................................................................... 3

Installation of Enterprise Self-Service Portal ................................................................................................ 4

Configuring database for Enterprise Self-Service Portal ........................................................................... 7

Configuring Enterprise Self-Service Portal .................................................................................................. 10

Configuration of Domain ........................................................................................................................ 11

Configuring SMTP and SMS settings: ...................................................................................................... 12

Create User Policy ................................................................................................................................... 13

Create User ............................................................................................................................................. 14

User Registration .................................................................................................................................... 15

Self-Extractor creation steps for “CionSystems Multifactor” ..................................................................... 18

1.By using 7-Zip file archiver ................................................................................................................... 18

Steps for x64 self-extractor ................................................................................................................. 18

2.By using IExpress .................................................................................................................................. 21

IExpress ............................................................................................................................................... 21

Prerequisites ....................................................................................................................................... 21

IExpress Wizard ................................................................................................................................... 21

User Login ................................................................................................................................................... 33

Installing Multifactor ............................................................................................................................... 34

How to Use .............................................................................................................................................. 39

Update Off-Line Configuration................................................................................................................ 42

Update Unlock Key .................................................................................................................................. 43


Introduction

Your Laptop/PC is the key to many things you do on a day to day basis. It's important that only you have

the ability to access your device, update your device and access the data you store. CionMFA is a feature

you can use to keep your personal information as secure as possible.

Multi Factor Authentication is an additional security feature for your Windows Machines that's designed

to prevent anyone from accessing or using your computer, even if they know your password.

It requires you to verify your identity using first factor i.e. your username and password and second

factor which only you knows or you have, it can be Your USB disk or OTP in send on your mobile or email

address and security questions which only you knows

Prerequisites

Ensure that you have installed and configured Enterprise Self-Service. Add the domain and Office365

domain to Enterprise Self-Service. For more information about Enterprise Self-Service please refer to the

product quick start guide.

System Requirements

CionSystems Enterprise Self-Service Requirements:

• 8GB RAM

• 50 MB of disk space.

• Web Browser IE 5.5 or higher.

• Windows Server 2000, 2003, 2008, 2008R2, 2012, 2012R2, 2016

• IIS server 5.1 or higher.

• Microsoft .NET 4.0 Framework.

• Optional - Access to Exchange Server 2003, Exchange Server 2007 or higher.

• Access to Windows Active Directory (2000, 2003, 2008, 2012, 2016).

• SQL Server 2008 or higher Full or Express Edition.

• Windows Installer 3.1.

• Optional - For exchange 2007(or higher) support, please install Exchange 2007

(or higher) management tools on your system.


Installation of Enterprise Self-Service Portal

The Enterprise Self-Service Portal installation process is as follows:

1. Open the file where "EnterpriseSelfServicePortal.msi" was saved.

2. Double click on “EnterpriseSelfServicePortal.msi” file

Note: You will have to choose “Run as administrator” on a user control enabled system.

3. Click Next


4. Click Next

5. Select “I Agree” and click Next


6. Confirm the installation and click Next


7. Provide “Username” and “Password” and click OK

Configuring database for Enterprise Self-Service Portal

8. SQL Server Configuration pop up window appears, if you are installing the application for the first

time then click Create New Database. In “Configuration Details”, you can select “SQL Authentication”

or “Windows Authentication”.

Note:

To use “Use Existing Database” radio button, “AD_SELF_SERVICE” database should be already

exist in the selected SQL database server

If “AD_SELF_SERVICE” database already exist in the selected SQL database server and if you

choose “Create New Database” radio button, then old database will be deleted and new database

will be created.


• For SQL Authentication, enter SQL database server name, select SQL Authentication, and enter “Login” and “Password” details. Enter valid details and click Test Connection. If “Test Connection” displays “Connected Successfully” message, then click Next.

• For Windows Authentication, enter SQL database server name, select Windows Authentication, here “Login” and “Password” will be grayed out. Enter valid details and click Test Connection. If “Test Connection” displays “Connected Successfully” message, then click Next.


9. Click Close. Installation completed successfully.


Configuring Enterprise Self-Service Portal

Admin configures the Enterprise Self-Service Portal, audit, customize the portals, manage users, and delegate authority via the Administrative Portal. 1. Click windows Start button>All Programs>Enterprise Self-Service Portal >Enterprise Self-Service Portal

icon. (OR) Click “Enterprise Self-Service Portal” icon on desktop.

Figure: Login page in ESSP for Admin

2. The login screen will open in the default web browser. To login to the application for the first time; Enter “admin” in the User Name dialogue box

Enter “admin” in the Password dialogue box

Note: It is recommended that user name and password should be changed after the application has

been launched


Configuration of Domain

Enter all required domain details and configure the domain.

a. Enter Domain Controller name

b. Domain name

c. Domain User name

d. Domain Password

Click Fetch

Figure: Domain configuration in ESSP

Select one controller as primary and click Save, domain will be added.


Configuring SMTP and SMS settings:

To receive automated e-mail notifications and alerts from the Enterprise Self-Service application, these

settings must be configured properly. Fill in the fully qualified domain name or IP address of the SMTP

server (“Mail Server”) and the sender e-mail address (“From E-mail Address”) as indicated in below

figure.

Figure: SMTP and SMS settings in ESSP


Create User Policy

To create user policy, go to CustomizationClick User PolicyClick Create

• Enter Policy name

• Select OU

• Select the policies that you want to configure

• Click Save

Figure: User Policy creation in ESSP


Create User

For user creation, go to User Management tab, click Create User link

Figure: User creation in ESSP

Fill the details, click Create button, user will be created successfully.


User Registration

For user registration, go to User Login page, click Register User tab.

Figure: User Login page in ESSP

1. Provide Username and Password and click OK, an email will be sent to user specified email address


2. Then user will receive a mail with security PIN

Copy the secret code to validate registration and click on the link Enterprise Self-Service Portal

3. Copy and paste the PIN and click Ok.


Figure: User security questions configuration in ESSP

4. Now user has to configure the “Selectable Questions & Answers” (Challenging Questions) and click

Save.

5. You should see a message that says “User registered Successfully”. Click Ok


Self-Extractor creation steps for “CionSystems Multifactor” As an admin, you have to create a “MultiFactorAuthInstaller.exe” file from its .msi file.

We can create installer in two ways:

1. By using 7-Zip file archiver

2. By using IExpress tool

1. By using 7-Zip file archiver

Install 7-Zip file archiver tool on server machine where the Enterprise Self-Service portal is installed. You

will find its setup file in 7zip_setup folder. After installation, unzip the contents of SelfExtractor.zip file

to a location (Eg: “D:\SelfExtractor”). After unzipping, you can see the following files:

o 7zS.sfx

o config_x64.txt

o CreateSelfExtractor_x64.bat

Now copy the MultiFactorAuthInstaller_x64.msi file to the same location “D:\SelfExtractor”

Steps for x64 self-extractor

Right click on MultiFactorAuthInstaller_x64.msi select 7-Zipclick Add to archive…


Keep the default options and press OK

This will create a file with the name MultiFactorAuthInstaller_x64.7z in the same location

(D:\SelfExtractor)

Now open config_x64.txt file either in Notepad or in Notepad++

Look for the msi file name, it should be exactly same as the msi file

(MultiFactorAuthInstaller_x64.msi), look for SERVICEADDRESS and change the ip value in address

with ip value of the server where the “Enterprise Self-Service Portal” is installed

http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx


Now open the CreateSelfExtractor_x64.bat file in Notepad or in Notepad++, the first parameter

MultiFactorAuthInstaller_x64.7z is the input file for which installer needs to be created, the second

one is output of this i.e. installer .exe file (MultiFactorAuthInstaller_x64.exe) , the output name can be

changed to any name of your choice.

Double click on CreateSelfExtractor_x64.bat file

You should see MultiFactorAuthInstaller_x64.exe in the location “D:\SelfExtractor”

Now copy the installer MultiFactorAuthInstaller_x64.exe from the created location and

paste/replace in the path: “C:\inetpub\wwwroot\ADSelfService\Temp”

Changes will take effect after restart the IIS (Internet Information Services). To restart the IIS, open

command prompt in administrator mode, type IISReset and press Enter.


2. By using IExpress

By using IExpress tool you can create EXE format installer executable file from MSI setup file to release

MultiFactorAuthInstaller in standard EXE installer setup format.

IExpress

IExpress is a Microsoft tool that is included in Windows XP, Windows Server 2003, Windows Vista,

Windows Server 2008, Windows 7 and Windows 8. It uses a Self-Extraction Directive (.SED) file to store

information about your package. When you run the IExpress Wizard, you can start with an existing .SED

file or create a new one by using the wizard. The .SED file contains information and instructions about

the setup package.

Prerequisites

Use Windows 8.1 or Windows 7/10 machine for creating self-extractor. Also, for 32 bit, use 32-bit

machine and for 64 bit, use 64-bit machine.

IExpress Wizard

1. In search box type “iexpress”, select “iexpress.exe”, right click on it and choose “Run as

administrator”. IExpress Wizard will be started with the below screen.

2. Select “Create new Self-Extraction Directive file” option and click Next


3. Select “Extract files and run an installation command” option and click Next

4. In the text box enter “CionSystems Multifactor”, click Next


5. Select “Prompt user with” option and enter "Do you want to install CionSystems Multifactor?" in

the text box. Click Next

6. Select “Do not display a license” option and click Next


7. Click Add button, a dialog box for file selection will come. Browse to location where

“MultiFactorAuthInstaller.msi” file is located and select the same. For x64 bit, select 64-bit version of

msi and for x86, select 32-bit version of msi.

In this case for example, MultiFactorAuthInstaller_x64.msi is selected. Click Open button.


8. Click Next

9. In the “Install Program” text box, enter the following text (which is in double quotes marked with

yellow color)


For x64:

ESSP Url:

“msiexec.exe /iMultiFactorAuthInstaller_x64.msi

SERVICEADDRESS=http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx

LOCALPORTNO=9002”

Note:

Enter the text without double quotes

In the above text, replace the ip and port values (which are marked with red circles) with ip and

port values of the server where the “Enterprise Self- Service Portal” is installed.

If the assigned port is being used by some other application on the machine, setup will

automatically pickup a random port which is open.

10. Keep the default “Post Install Command” value as “<None>” and click Next


11. Keep the “Default (recommended)”option selected and click Next

12. Keep the default “No Message” option selected and click Next


13. Click Browse button. A file dialog box will open


14. Go to location where you want to store self-extractor. In this case e.g. I kept the same location

where .msi file are placed. Also in file name, give the file name of self-extractor. I have given the

same name as msi “MultiFactorAuthInstaller_x64” and then click Save button.

15. Select the checkbox “Store files using Long File Name inside Package”

16. Click Yes on popup dialog box.

17. Click Next


18. Select “No restart” from the option list, click Next

19. Keep the default ”Save Self Extraction Directive (SED) file” option selected and click Next


20. Click Next

21. If the process is successful, self-extractor will be created in the location selected at step 14.


22. Click Finish

23. Now copy the installer from the created location and replace in the following path:

“C:\inetpub\wwwroot\ADSelfService\Temp”

24. Changes will take effect after restart the IIS (Internet Information Services). To restart the IIS, open

command prompt in administrator mode, type IISReset and press Enter.


User Login

After restarting the IIS, need to download and install the installer “MultiFactorAuthInstaller.exe”

1. Take one domain joined machine which is joined with a domain controller where the Enterprise Self-

Service portal is installed

2. Now access the url of “Enterprise Self-Service Portal” which is installed on domain controller

http://192.168.0.197/ADSelfService/frmUserLogin.aspx

3. Login with Username and Password

Figure: User Self Update page in ESSP

4. After login, click on “Install Credential Provider” link

5. Installer will be downloaded.

http://192.168.1.161/ADSelfService/frmUserLogin.aspx


Installing Multifactor

The Multifactor Authentication installation process is as follows:

1. Double click on installer

2. Click on Run

3. Click on Yes on below pop up dialog box.

4. “Multif-Factor Auth For All”setup wizard will be started

5. Click Next


6. Select the checkbox “I accept the terms in the License Agreement ” and click Next

7. If you want offline support, select “Yes”


8. If you don’t want offline support, then select “No” and click Next

9. If you select “Yes”, Offline support configuration window appears. The default key update is 7 days;

you can enter 7 to 30 days. You will need USB disk at the end of the installation to store offline key

in USB disk. Click Next


10. Click Install

11. Click Finish


12. Immediately a popup will occur. To generate offline key click Yes

13. Select the USB disk to generate the key

14. It will show the message “Your unlock key has been generated and stored in USB disk

successfully…”

15. Click on Close button


How to Use

1. After Installation of “Multifactor” in your system, restart your system or lock your system

(Ctrl+Alt+Del).

2. Before login to your system, remove “USB disk” from port.

3. Now, login to your system by entering username and password.

After successfully authenticating your username and password, you will get the following options to

login.

a. USB Key (Support offline is set to “Yes” during installation)

b. Send OTP to Email

c. Send OTP to Mobile

d. Answer Security Questions


Figure: Multifactor authentication with USB Key

If you choose the “USB Key” option then it’s ask to attach USB disk into your machine and click

on arrow to login. This option also works when no network connection.

Figure: Multifactor authentication with Send OTP to Email

If you choose the “Send OTP to Email” option then OTP will be sent to your Email Id.


Figure: Multifactor authentication with Send OTP to Mobile

If you choose the “Send OTP to Mobile” option then OTP will be sent to your mobile.

Figure: Multifactor authentication with Answer Security Questions

If you choose the “Answer Security Questions” option then answer your security questions.


Update Off-Line Configuration

Steps to update the offline configuration settings are as follows:

1. Click “Show hidden icons” on the task bar and select “CionSystems Multi-Factor Auth For All”.

2. Right click on “CionSystems Multi-Factor Auth For All” and select “Update Off-Line Configuration”.


Figure: Update offline configuration in Multifactor

3. “Update offline configuration” window appears. Select “Is offline support required” check box and

enter the Key Expire Time between 7 to 30 days. Click Update

4. Click Close

Update Unlock Key

Steps to update the unlock key are as follows:

1. Click “Show hidden icons” on the task bar and select “CionSystems Multi-Factor Auth For All”

2. Right click on “CionSystems Multi-Factor Auth For All” and select “Update Unlock Key”.


Figure: Update unlock key in Multifactor

3. Attach the USB disk to your machine and click Update Key button.

4. It will show the message “Unlock key has been updated successfully…”, finally click on Close

button.


Contact Notes: For technical support or feature requests, please contact us at [email protected] or 425.605.5325 For sales or other business inquiries, we can be reached at [email protected] or 425.605.5325 If you’d like to view a complete list of our Active Directory Management solutions, please visit us online at www.CionSystems.com

Disclaimer The information in this document is provided in connection with CionSystems products. No license, express or implied, to any intellectual property right is granted by this document or in connection with the sale of CionSystems products. EXCEPT AS SET FORTH IN CIONSYSTEMS’ LICENSE AGREEMENT FOR THIS PRODUCT, CIONSYSTEMS INC. ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL CIONSYSTEMS INC. BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF CIONSYSTEMS INC. HAS BEEN ADVISED IN WRITING OF THE POSSIBILITY OF SUCH DAMAGES. CionSystems may update this document or the software application without notice.

CionSystems Inc

6640 185th Ave NE,

Redmond, WA-98052, USA

www.CionSystems.com

Ph: +1.425.605.5325 This guide is provided for informational purposes only, and the contents may not be reproduced or transmitted in any form or by any means without our written permission.





Date post:	09-Apr-2020
Category:	Documents
Upload:	others
View:	9 times
Download:	0 times

Multifactor Authentication Installation and …...Install 7-Zip file archiver tool on server machine...

Documents