To allow users to use a FIDO U2F key to verify themselves when they try to sign in to an application, you need to add the authentication method FIDO U2F into the logon steps of the application.

For instructions on how to build or change a logon procedure, expand the link below

In DualShield, a logon procedure defines how users should be authenticated when they attempt to logon to an application. As DualShield supports various types of applications, e.g, VPN, SAML, Desktop Login, Outlook Email etc, there are various types logon procedure.
ApplicationLogin Procedure ExamplesComment
VPN

RADIUS

Cisco, Palo Alto, Juniper

Web/Cloud SAML Supporting Services

Web SSO

Office 365, G Suite, Service Now


IIS Web ApplicationsWeb SSOOWA, RDWeb
Computer LogonWindowsWindows logon, MacOS logon
Desktop to Web SSODesktop SSOOffice 365
Exchange On-PremisesExchange MailOutlook Anywhere, ActiveSync
Exchange OnlineEnhanced ClientActiveSyncObsolete
VMware View VMware View Agent
Obsolete
Parallels Remote Access Server2X Agent

LDAP Supporing ApplicationsLDAP Agent

DualShield Provisioning Server (DPS)Provisioning Server
Obsolete
DualShield Reset Password (DRP) ServiceReset Password

DualShield Unlock Account (DUA) ServiceUnlock Account

DualShield Emegency Access (DEA) ServiceEmegency Access

Deepnet AuthenticatorDeepnet Authenticator 


A logon procedure consists of one or more logon steps. In each logon step, the system administrator defines the authenticators that can be used by users to authenticate themselves.


A logon procedure must include one or many logon steps. Therefore, to build a logon procedure you need to create logon procedure then add logon steps.


In the Admin Console, in the side panel, select "Authentication | Logon Procedure"

Click the "CREATE" button on the toolbar

In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"

In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"

Click the "SAVE" button to save it.


Now that a new logon procedure is created, you want to add logon steps.

To add logon steps to a logon procedure or to change logon steps, firstly navigate to the logon procedure.

Navigate to Authentication | Logon Procedures

Click the context menu icon "..." of the application to be edited, e.g. "Office 365"

select "Logon Steps" to bring up the logon steps editor

To add a logon step, click the "ADD" button

Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password" 

Click the "SAVE" button to save it

You can change the order of the steps by clicking the "UP" and "DOWN" buttons.

To add logon steps to a logon procedure or to change logon steps, firstly navigate to the logon procedure.

Navigate to Authentication | Logon Procedures

Click the context menu icon "..." of the application to be edited, e.g. "Office 365"

select "Logon Steps" to bring up the logon steps editor

To add a logon step, click the "ADD" button

Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password" 

Click the "SAVE" button to save it

You can change the order of the steps by clicking the "UP" and "DOWN" buttons.

In the example below, we add FIDO U2F into the logon procedure of Windows Logon as the second factor

  • No labels