Multifactor Authentication Installation and Configuration Guide Software Version 5.0.0.0
General Information: [email protected] Online Support: [email protected]
Copyright 2017 CionSystems Inc., All Rights Reserved
© 2017 CionSystems Inc. ALL RIGHTS RESERVED.
This guide may not be reproduced or transmitted in part or in whole by any means, electronic or
mechanical, including photo copying and recording for any purpose other than the purchaser's use
under the licensing agreement, without the written permission of CionSystems Inc.
The software application in this guide is provided under a software license (EULA) or non-disclosure
agreement. This product may only be used in accordance with the terms of the applicable licensing
agreement.
This guide contains proprietary information protected by copyright. For questions regarding the use of
this material and product, contact us at:
CionSystems Inc.
6640 185th Ave NE
Redmond, WA-98052, USA
http://www.CionSystems.com
Phone: +1.425.605.5325
Trademarks
CionSystems, CionSystems Inc., the CionSystems Inc. logo, CionSystems Enterprise Self-Service and two
factor authentication are trademarks of CionSystems. Other trademarks and registered trademarks used
in this guide are property of their respective owners.
Table of Contents
Introduction
Prerequisites
System Requirements
Installation of Enterprise Self-Service Portal
Configuring database for Enterprise Self-Service Portal
Configuring Enterprise Self-Service Portal
Configuration of Domain
Configuring SMTP and SMS settings
Create User Policy
Create User
User Registration
Self-Extractor creation steps for “CionSystems Multifactor”
1. By using 7-Zip file archiver
Steps for x64 self-extractor
2. By using IExpress
IExpress
Prerequisites
IExpress Wizard
User Login
Installing Multifactor
How to Use
Update Off-Line Configuration
Update Unlock Key
Introduction
Your laptop or PC is the key to many things you do on a day-to-day basis. It is important that only you can
access your device, update it, and access the data you store on it. CionMFA is a feature
you can use to keep your personal information as secure as possible.
Multifactor Authentication is an additional security feature for your Windows machines that is designed
to prevent anyone from accessing or using your computer, even if they know your password.
It requires you to verify your identity using a first factor, i.e. your username and password, and a second
factor that only you know or have: your USB disk, an OTP sent to your mobile or email
address, or security questions whose answers only you know.
Prerequisites
Ensure that you have installed and configured Enterprise Self-Service. Add the domain and Office365
domain to Enterprise Self-Service. For more information about Enterprise Self-Service please refer to the
product quick start guide.
System Requirements
CionSystems Enterprise Self-Service Requirements:
• 8GB RAM
• 50 MB of disk space.
• Web Browser IE 5.5 or higher.
• Windows Server 2000, 2003, 2008, 2008R2, 2012, 2012R2, 2016
• IIS server 5.1 or higher.
• Microsoft .NET 4.0 Framework.
• Optional - Access to Exchange Server 2003, Exchange Server 2007 or higher.
• Access to Windows Active Directory (2000, 2003, 2008, 2012, 2016).
• SQL Server 2008 or higher Full or Express Edition.
• Windows Installer 3.1.
• Optional - For Exchange 2007 (or higher) support, please install the Exchange 2007
(or higher) management tools on your system.
Installation of Enterprise Self-Service Portal
The Enterprise Self-Service Portal installation process is as follows:
1. Open the file where "EnterpriseSelfServicePortal.msi" was saved.
2. Double click on the “EnterpriseSelfServicePortal.msi” file.
Note: You will have to choose “Run as administrator” on a system with User Account Control (UAC) enabled.
3. Click Next
4. Click Next
5. Select “I Agree” and click Next
6. Confirm the installation and click Next
7. Provide “Username” and “Password” and click OK
Configuring database for Enterprise Self-Service Portal
8. The SQL Server Configuration pop-up window appears. If you are installing the application for the first
time, click Create New Database. In “Configuration Details”, you can select “SQL Authentication”
or “Windows Authentication”.
Note:
To use the “Use Existing Database” radio button, the “AD_SELF_SERVICE” database must already
exist on the selected SQL database server.
If the “AD_SELF_SERVICE” database already exists on the selected SQL database server and you
choose the “Create New Database” radio button, the old database will be deleted and a new database
will be created.
• For SQL Authentication, enter SQL database server name, select SQL Authentication, and enter “Login” and “Password” details. Enter valid details and click Test Connection. If “Test Connection” displays “Connected Successfully” message, then click Next.
• For Windows Authentication, enter SQL database server name, select Windows Authentication, here “Login” and “Password” will be grayed out. Enter valid details and click Test Connection. If “Test Connection” displays “Connected Successfully” message, then click Next.
9. Click Close. Installation completed successfully.
Configuring Enterprise Self-Service Portal
The admin configures the Enterprise Self-Service Portal, audits, customizes the portals, manages users, and delegates authority via the Administrative Portal.
1. Click the Windows Start button > All Programs > Enterprise Self-Service Portal > Enterprise Self-Service Portal
icon (or click the “Enterprise Self-Service Portal” icon on the desktop).
Figure: Login page in ESSP for Admin
2. The login screen will open in the default web browser. To log in to the application for the first time:
Enter “admin” in the User Name dialogue box
Enter “admin” in the Password dialogue box
Note: It is recommended that the user name and password be changed after the application has
been launched.
Configuration of Domain
Enter all required domain details and configure the domain.
a. Enter Domain Controller name
b. Domain name
c. Domain User name
d. Domain Password
Click Fetch
Figure: Domain configuration in ESSP
Select one controller as primary and click Save. The domain will be added.
Configuring SMTP and SMS settings:
To receive automated e-mail notifications and alerts from the Enterprise Self-Service application, these
settings must be configured properly. Fill in the fully qualified domain name or IP address of the SMTP
server (“Mail Server”) and the sender e-mail address (“From E-mail Address”) as shown in the figure
below.
Figure: SMTP and SMS settings in ESSP
Create User Policy
To create a user policy, go to Customization > click User Policy > click Create
• Enter Policy name
• Select OU
• Select the policies that you want to configure
• Click Save
Figure: User Policy creation in ESSP
Create User
To create a user, go to the User Management tab and click the Create User link.
Figure: User creation in ESSP
Fill in the details and click the Create button. The user will be created successfully.
User Registration
For user registration, go to the User Login page and click the Register User tab.
Figure: User Login page in ESSP
1. Provide Username and Password and click OK. An email will be sent to the user's specified email address.
2. The user will then receive an email with a security PIN.
Copy the secret code to validate registration and click the Enterprise Self-Service Portal link.
3. Copy and paste the PIN and click Ok.
Figure: User security questions configuration in ESSP
4. Now the user has to configure the “Selectable Questions & Answers” (Challenging Questions) and click
Save.
5. You should see a message that says “User registered Successfully”. Click Ok.
Self-Extractor creation steps for “CionSystems Multifactor”
As an admin, you have to create a “MultiFactorAuthInstaller.exe” file from its .msi file.
The installer can be created in two ways:
1. By using 7-Zip file archiver
2. By using IExpress tool
1. By using 7-Zip file archiver
Install the 7-Zip file archiver tool on the server machine where the Enterprise Self-Service portal is installed. You
will find its setup file in the 7zip_setup folder. After installation, unzip the contents of the SelfExtractor.zip file
to a location (e.g. “D:\SelfExtractor”). After unzipping, you can see the following files:
• 7zS.sfx
• config_x64.txt
• CreateSelfExtractor_x64.bat
Now copy the MultiFactorAuthInstaller_x64.msi file to the same location, “D:\SelfExtractor”.
Steps for x64 self-extractor
Right click on MultiFactorAuthInstaller_x64.msi, select 7-Zip > click Add to archive…
Keep the default options and press OK.
This will create a file named MultiFactorAuthInstaller_x64.7z in the same location
(D:\SelfExtractor).
Now open the config_x64.txt file in either Notepad or Notepad++.
Look for the msi file name; it should be exactly the same as the msi file
(MultiFactorAuthInstaller_x64.msi). Then look for SERVICEADDRESS and change the IP value in the address
to the IP value of the server where the “Enterprise Self-Service Portal” is installed:
http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx
Now open the CreateSelfExtractor_x64.bat file in Notepad or Notepad++. The first parameter,
MultiFactorAuthInstaller_x64.7z, is the input file for which the installer needs to be created; the second
is the output, i.e. the installer .exe file (MultiFactorAuthInstaller_x64.exe). The output name can be
changed to any name of your choice.
Double click on the CreateSelfExtractor_x64.bat file.
You should see MultiFactorAuthInstaller_x64.exe in the location “D:\SelfExtractor”.
Now copy the installer MultiFactorAuthInstaller_x64.exe from the created location and
paste/replace it in the path: “C:\inetpub\wwwroot\ADSelfService\Temp”
Changes will take effect after IIS (Internet Information Services) is restarted. To restart IIS, open
a command prompt in administrator mode, type IISReset and press Enter.
2. By using IExpress
Using the IExpress tool, you can create an EXE-format installer executable from the MSI setup file, to release
MultiFactorAuthInstaller in standard EXE installer setup format.
IExpress
IExpress is a Microsoft tool that is included in Windows XP, Windows Server 2003, Windows Vista,
Windows Server 2008, Windows 7 and Windows 8. It uses a Self-Extraction Directive (.SED) file to store
information about your package. When you run the IExpress Wizard, you can start with an existing .SED
file or create a new one by using the wizard. The .SED file contains information and instructions about
the setup package.
Prerequisites
Use a Windows 8.1 or Windows 7/10 machine for creating the self-extractor. Also, for 32-bit, use a 32-bit
machine and for 64-bit, use a 64-bit machine.
IExpress Wizard
1. In the search box, type “iexpress”, select “iexpress.exe”, right-click it and choose “Run as
administrator”. The IExpress Wizard starts with the screen below.
2. Select “Create new Self-Extraction Directive file” option and click Next
3. Select “Extract files and run an installation command” option and click Next
4. In the text box enter “CionSystems Multifactor”, click Next
5. Select “Prompt user with” option and enter "Do you want to install CionSystems Multifactor?" in
the text box. Click Next
6. Select “Do not display a license” option and click Next
7. Click the Add button; a file selection dialog box appears. Browse to the location where the
“MultiFactorAuthInstaller.msi” file is located and select it. For x64, select the 64-bit version of the
msi and for x86, select the 32-bit version.
In this example, MultiFactorAuthInstaller_x64.msi is selected. Click the Open button.
8. Click Next
9. In the “Install Program” text box, enter the following text (which is in double quotes marked with
yellow color)
For x64:
ESSP Url:
“msiexec.exe /iMultiFactorAuthInstaller_x64.msi
SERVICEADDRESS=http://192.168.0.197/ADSelfService/Services/UserAuthenticationService.asmx
LOCALPORTNO=9002”
Note:
Enter the text without the double quotes.
In the above text, replace the IP and port values (which are marked with red circles) with the IP and
port values of the server where the “Enterprise Self-Service Portal” is installed.
If the assigned port is being used by some other application on the machine, setup will
automatically pick up a random port which is open.
10. Keep the default “Post Install Command” value as “<None>” and click Next
11. Keep the “Default (recommended)” option selected and click Next
12. Keep the default “No Message” option selected and click Next
13. Click Browse button. A file dialog box will open
14. Go to the location where you want to store the self-extractor. In this example, the same location
where the .msi files are placed is used. In the file name field, enter the file name of the self-extractor; here the
same name as the msi, “MultiFactorAuthInstaller_x64”, is used. Then click the Save button.
15. Select the checkbox “Store files using Long File Name inside Package”
16. Click Yes on popup dialog box.
17. Click Next
18. Select “No restart” from the option list, click Next
19. Keep the default “Save Self Extraction Directive (SED) file” option selected and click Next
20. Click Next
21. If the process is successful, the self-extractor will be created in the location selected at step 14.
22. Click Finish
23. Now copy the installer from the created location and replace the existing file in the following path:
“C:\inetpub\wwwroot\ADSelfService\Temp”
24. Changes will take effect after IIS (Internet Information Services) is restarted. To restart IIS, open
a command prompt in administrator mode, type IISReset and press Enter.
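The final copy-and-restart step of both methods (7-Zip and IExpress), as an added PowerShell example that is not part of the original guide or CionSystems' own tooling: it hashes the self-extractor, copies it to the portal's Temp folder, confirms the served copy matches, and reports the SHA-256 and Authenticode status so the published file can be re-checked later. Publish-MfaInstaller is a hypothetical helper name; the paths are the ones this guide uses.

```powershell
# Added example: publish the rebuilt installer and confirm the served copy is intact.
# Publish-MfaInstaller is a hypothetical helper name; paths are the ones used in this guide.
function Publish-MfaInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Source,
        [string] $PublishDir = 'C:\inetpub\wwwroot\ADSelfService\Temp',
        [switch] $RestartIis
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
        throw "Installer not found: $Source"
    }
    if (-not (Test-Path -LiteralPath $PublishDir -PathType Container)) {
        throw "Publish folder not found: $PublishDir"
    }

    # Hash the file you just built before it leaves the build folder.
    $before = Get-FileHash -LiteralPath $Source -Algorithm SHA256

    # Record the Authenticode status; an unsigned self-extractor reports NotSigned.
    $sig = Get-AuthenticodeSignature -LiteralPath $Source

    $target = Join-Path -Path $PublishDir -ChildPath (Split-Path -Path $Source -Leaf)
    Copy-Item -LiteralPath $Source -Destination $target -Force

    # Re-hash the copy that IIS will serve and refuse to continue on a mismatch.
    $after = Get-FileHash -LiteralPath $target -Algorithm SHA256
    if ($after.Hash -ne $before.Hash) {
        Remove-Item -LiteralPath $target -Force
        throw "Hash mismatch after copy; removed $target"
    }

    # Restart IIS only when asked, and fail loudly if the restart does not succeed.
    if ($RestartIis) {
        & iisreset.exe | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }
    }

    # Return a record that can be stored outside the web root for later comparison.
    [pscustomobject]@{
        Published       = $target
        Sha256          = $after.Hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        PublishedAtUtc  = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Usage, from an elevated PowerShell prompt on the portal server:
Publish-MfaInstaller -Source 'D:\SelfExtractor\MultiFactorAuthInstaller_x64.exe' -RestartIis |
    Format-List
```

Running Get-FileHash on a downloaded copy and comparing it with the recorded Sha256 value shows whether the file a workstation received is the one that was published.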
User Login
After restarting IIS, download and install the installer “MultiFactorAuthInstaller.exe”:
1. Use a domain-joined machine that is joined to a domain controller where the Enterprise Self-
Service portal is installed.
2. Access the URL of the “Enterprise Self-Service Portal” installed on the domain controller:
http://192.168.0.197/ADSelfService/frmUserLogin.aspx
3. Login with Username and Password
Figure: User Self Update page in ESSP
4. After login, click on “Install Credential Provider” link
5. Installer will be downloaded.
Installing Multifactor
The Multifactor Authentication installation process is as follows:
1. Double click on the installer
2. Click on Run
3. Click Yes on the pop-up dialog box below.
4. The “Multi-Factor Auth For All” setup wizard will start
5. Click Next
6. Select the checkbox “I accept the terms in the License Agreement” and click Next
7. If you want offline support, select “Yes”
8. If you don’t want offline support, select “No” and click Next
9. If you select “Yes”, the Offline support configuration window appears. The default key update is 7 days;
you can enter 7 to 30 days. You will need a USB disk at the end of the installation to store the offline key.
Click Next
10. Click Install
11. Click Finish
12. A popup appears immediately. To generate the offline key, click Yes
13. Select the USB disk on which to generate the key
14. It will show the message “Your unlock key has been generated and stored in USB disk
successfully…”
15. Click the Close button
How to Use
1. After installing “Multifactor” on your system, restart your system or lock it
(Ctrl+Alt+Del).
2. Before logging in to your system, remove the “USB disk” from the port.
3. Now, log in to your system by entering your username and password.
After your username and password are successfully authenticated, you will get the following options to
log in:
a. USB Key (when offline support was set to “Yes” during installation)
b. Send OTP to Email
c. Send OTP to Mobile
d. Answer Security Questions
Figure: Multifactor authentication with USB Key
If you choose the “USB Key” option, you are asked to attach the USB disk to your machine and click
the arrow to log in. This option also works when there is no network connection.
Figure: Multifactor authentication with Send OTP to Email
If you choose the “Send OTP to Email” option, the OTP will be sent to your email address.
Figure: Multifactor authentication with Send OTP to Mobile
If you choose the “Send OTP to Mobile” option, the OTP will be sent to your mobile.
Figure: Multifactor authentication with Answer Security Questions
If you choose the “Answer Security Questions” option, answer your security questions.
Update Off-Line Configuration
Steps to update the offline configuration settings are as follows:
1. Click “Show hidden icons” on the task bar and select “CionSystems Multi-Factor Auth For All”.
2. Right click on “CionSystems Multi-Factor Auth For All” and select “Update Off-Line Configuration”.
Figure: Update offline configuration in Multifactor
3. The “Update offline configuration” window appears. Select the “Is offline support required” check box and
enter a Key Expire Time between 7 and 30 days. Click Update
4. Click Close
Update Unlock Key
Steps to update the unlock key are as follows:
1. Click “Show hidden icons” on the task bar and select “CionSystems Multi-Factor Auth For All”
2. Right click on “CionSystems Multi-Factor Auth For All” and select “Update Unlock Key”.
Figure: Update unlock key in Multifactor
3. Attach the USB disk to your machine and click the Update Key button.
4. It will show the message “Unlock key has been updated successfully…”. Finally, click the Close
button.
Contact Notes:
For technical support or feature requests, please contact us at [email protected] or 425.605.5325.
For sales or other business inquiries, we can be reached at [email protected] or 425.605.5325.
If you’d like to view a complete list of our Active Directory Management solutions, please visit us online at www.CionSystems.com
Disclaimer
The information in this document is provided in connection with CionSystems products. No license, express or implied, to any intellectual property right is granted by this document or in connection with the sale of CionSystems products. EXCEPT AS SET FORTH IN CIONSYSTEMS’ LICENSE AGREEMENT FOR THIS PRODUCT, CIONSYSTEMS INC. ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL CIONSYSTEMS INC. BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF CIONSYSTEMS INC. HAS BEEN ADVISED IN WRITING OF THE POSSIBILITY OF SUCH DAMAGES. CionSystems may update this document or the software application without notice.
CionSystems Inc
6640 185th Ave NE,
Redmond, WA-98052, USA
www.CionSystems.com
Ph: +1.425.605.5325
This guide is provided for informational purposes only, and the contents may not be reproduced or transmitted in any form or by any means without our written permission.