Ask the Community
Groups
Adding On-Premises Password Server - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>Note</strong>: This configuration requires you to have an AuthAnvil On-Premises Password Server v2.8 - newer installed before you begin.<br>If you do not have an AAoP subscription please contact IAM.sales@kaseya.com </p> <p>To add the On-Premises Password Server application to your On-Demand tenant launchpad please follow these steps.</p> <p><br><strong>Configuring your On-Demand tenant</strong></p> <p>Log into your On-Demand tenant</p> <p> </p> <ol><li>Select <strong>Directory Manager</strong>.</li> <li>Select <strong>Groups</strong>.<br>Select the green plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/9WGCHODQX7XX/a-png.png" alt="" width="59" height="35" class="embedImage-img importedEmbed-img"></img><br>Name the Group <strong>Password Server Users</strong>.<br><strong>Note</strong>: If you have other existing Groups for SSO users you can use one of these as well.<br>Select <strong>ADD GROUP</strong>.</li> <li>Select <strong>SSO Manager</strong>.</li> <li>Select the green plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/9WGCHODQX7XX/a-png.png" alt="" width="59" height="35" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Password Server</strong><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/9WGCHODQX7XX/a-png.png" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Application is Enabled</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/69SZGSGVPYV6/1-png.png" alt="" class="embedImage-img importedEmbed-img"></img><br>Choose the desired <strong>Authentication Policy</strong>.</li> <li>Select <strong>Protocol</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/IV5MYNHB746D/2-png.png" alt="" class="embedImage-img importedEmbed-img"></img><br>Update the <strong>Assertion Consumer Service URL</strong> to reflect your On-Premises FQDN.</li> <li>Select <strong>Advanced Settings</strong>.</li> <li>Under <strong>Signing Algorithm</strong> <br>Select <strong>SHA256<br>Note: </strong>If you installed Password Server v2.8 before Mar. 4th 2017 please apply this <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelp.scorpionsoft.com%2Fhc%2Fen-us%2Farticles%2F235781147">Hotfix</a> before you attempt to use this integration. </li> <li>Select <strong>Add Application</strong>.</li> <li>Select <strong>Permissions</strong>. <br>You will need to grant the application access to your desired user group.</li> <li>Select <strong>Signing and Encryption</strong>.</li> <li>Select <strong>Download Certificate<br></strong><img src="https://us.v-cdn.net/6032361/uploads/migrated/4O8NYSR65BYU/3-png.png" alt="" width="517" height="238" class="embedImage-img importedEmbed-img"></img><br><strong>Note</strong>: You will need this certificate to configure the Password Server.</li> <li>Select <strong>Save Changes</strong>.</li> </ol><p> </p> <p><strong>Allowing your On-Demand tenant access to your Premises Password Server</strong></p> <ol><li>Log into your On-Premises <strong>Password Server</strong>.</li> <li>Select <strong>Admin > General Settings</strong></li> <li> Select <strong>AuthAnvil Two Factor Auth Settings</strong>.</li> <li>Set the AuthAnvil SAS URL: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2F%28Your">https://(Your</a> On-Demand Tenant)AuthAnvil/SAS.asmx </li> <li>Set the Site ID as 1</li> <li>Select <strong>Single Sign-On Settings </strong> </li> <li>Select <strong>Enable Single Sign On box</strong>.</li> <li> Fill in the following information for your AuthAnvil SSO server:<br>Issuer: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2F%28Your">https://(Your</a> On-Demand Tenant)/AuthAnvil/SSO/Trust/site1<br>Identity Provider Login URL: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2F%28Your">https://(Your</a> On-Demand Tenant)/SSO/logon.aspx<br>Identity Provider Logout URL: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2F%28Your">https://(Your</a> On-Demand Tenant)/SSO/authorizedapps.aspx </li> <li>Select <strong>Import New SSO Certificate</strong> and upload the certificate you downloaded from your On-Demand Tenant.</li> <li>Select <strong>Save Changes</strong>.</li> </ol><p> </p> <h3 data-id="verifying-functionality">Verifying Functionality</h3> <p>Once the configuration is complete, you should test that everything is working as expected.</p> <ol><li>Log out of all existing AuthAnvil Password Server sessions before logging in.</li> <li>Log into your On-Demand tenant Launchpad.</li> <li>Select Password Server. You should now be logged into the On-Premises Password Server.</li> </ol> </article> </main>