Ask the Community
Groups
Adding Passly 2FA to Virtual System Administrator (VSA) - 9.1 or Later - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>When you access the Passly Module for the first time in VSA - newer you will notice a configuration wizard. This configuration wizard will allow you to configure the Passly integration built into VSA.</p> <p><strong>Note</strong>: This integration requires a working Passly tenant. If you are not a current Passly subscriber, please contact your Account Manager.</p> <p> </p> <ol><li>Log into Virtual System Administrator.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/5HJZ2JB9J5W4/name-2fa6-png.png" alt="_name_2fa6.PNG" class="embedImage-img importedEmbed-img"></img></li> <li> Select the <strong>AuthAnvil Module</strong> > <strong>Configure AuthAnvil Settings<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/O6PPFWQVIF1P/name-2fa-png.png" alt="_name_2fa.PNG" class="embedImage-img importedEmbed-img"></img><br></strong> </li> <li>Select - <strong>I would like to configure Two Factor Auth Only</strong>.<img src="https://us.v-cdn.net/6032361/uploads/migrated/KJE8QQ76N5SZ/name-2favrpws.png" alt="_name_2favrpws.png" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Begin</strong>.<br>Next Enter the SAS URL for your Passly Server.<img src="https://us.v-cdn.net/6032361/uploads/migrated/9WUVVCKHJOBH/name-2fa2-png.png" alt="_name_2fa2.PNG" class="embedImage-img importedEmbed-img"></img><br><strong>Note</strong>: Your SAS URL will be <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2F%28Your">https://(Your</a> company).my.passly.com/AuthAnvil/SAS.asmx<br>: Site ID is always 1 </li> <li>Define a Whitelisted User that will not require Two Factor Authentication.<img src="https://us.v-cdn.net/6032361/uploads/migrated/BQQ8I525HR6N/name-2fa2-png.png" alt="_name_2fa2.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Verify Settings</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/AOFL0ULX9JDZ/name-2favrpws3.png" alt="_name_2favrpws3.png" class="embedImage-img importedEmbed-img"></img></li> <li>Once you see the settings are valid select <strong>Next</strong>.</li> <li>Now that you have the logon protection configured you can select Finish to apply the settings.<img src="https://us.v-cdn.net/6032361/uploads/migrated/72VI9MDHBSSB/name-2fa5-png.png" alt="_name_2fa5.PNG" class="embedImage-img importedEmbed-img"></img></li> </ol><p>You should now see the same login prompt when a user is required to use 2FA logs in.</p> <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/RWVDGQPF54SV/name-2fa6-png.png" alt="2fa6.PNG" width="405" height="313" class="embedImage-img importedEmbed-img"></img><br><br></p> <p><strong>Note</strong>: You will not see the 2FA prompt until after you enter your password and select Log On.</p> <p><strong>Note</strong>: This requires a login from a user not in the White list.</p> <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/0HBECZ4JEWQC/name-logonprompt-png.png" alt="_name_logonprompt.PNG" class="embedImage-img importedEmbed-img"></img><br><strong>Note For R9.1 - older</strong>: Users will need to enter a four-digit pin here as well as the One Time Password.<br>For the Pin, your users will use Pin: 1111<br>The actual Pin requirement was a holdover from the old On-Prem configuration. On-Demand does not use the Pin, however, it respects the value being submitted.<br><strong>Note</strong>: If you are using <strong>R9.4 -</strong> newer only the OTP is required.<br><strong>Note</strong>: As of R9.5 if you enter your Passly password in the OTP prompt it will send a PUSH notice to your mobile Authenticator to approve.</p> <p> </p> <p><strong>Configuration</strong></p> <p>Once logged in you can manage your user & IP white lists via<strong> AuthAnvil</strong> Module ><strong>Two Factor Auth</strong> > <strong>Configure Kaseya Logon</strong>. </p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/UD4B6E0QCDRX/name-2fa7-png.png" alt="_name_2fa7.PNG" class="embedImage-img importedEmbed-img"></img></p> <p>In the AuthAnvil Module, you can choose to enable the Two Factor login requirement.</p> <p>Whitelisted users should be entered in the following format. Comma-separated with no spaces</p> <blockquote class="blockquote"> <p>fred,john,james <strong>to</strong> domain.com/fred,domain.com/john,domain.com/james</p> </blockquote> <p> </p> <p>IP's can be entered as comma-separated with no spaces. IPs will need to be entered using CIDR format.</p> <blockquote class="blockquote"> <p><strong>Example</strong>: 192.168.1.1/32,10.10.1.1/32</p> </blockquote> <p> </p> <p>Select <strong>Save Settings</strong> before logging out.</p> </article> </main>