DualShield is application-centric. After all, its main purpose is to protect business applications with multi-factor authentication. The diagram below illustrates the key components in the system and how an application relates to those components.

 

The quickest way to get started is to create an application by using the Application Wizard. The Wizard will create an application and all other components, namely Identity Source, Domain, Realm and Logon Procedure in a few steps. 

In the “Shortcuts” panel, click the “Application Wizard” link to launch the wizard. The application wizard consists of 4 steps.

Step 1: Application & Agent

DualShield supports various types of applications, e.g. Windows, VPN, Web, VMware View and 2X. An application must be published on an agent that supports that type of application.

Application Name: The name of the application to be created.

Application Type: The type of the application.

Agent: The agent that the application will be published on.

Step 2: Logon Procedure

A logon procedure defines how users will be authenticated when they attempt to access the application, such as the total number of factors (steps) that a user must be authenticated with, and the form of the factor to be used in each step.

You can select an existing logon procedure from the list, or you can create a new one by pressing the add (+) button.

If you decide to add a new logon procedure then the logon procedure wizard will be launched:

Enter the name of the logon procedure to be created and leave the option “ICE” unchecked. Click “Next” to continue:

On this page you will need to add one or more logon steps depending on the type of the application and your authentication policy.

Click the “Create” button to add a logon step:

A logon step can include more than one authenticator. If you include multiple authenticators in a step, then your users will be allowed to use any authenticator in the list on the step.

Once you have added all steps needed for the logon procedure, press the “Finish” button.

Click the "Next" button to continue.
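The step semantics described in Step 2 (every step must be passed, and any one authenticator listed in a step passes it) can be checked before a procedure is saved. The following is an added example, not DualShield code; the authenticator names, their factor categories and the sample procedures are assumptions made for illustration.

```python
from itertools import product

# Hypothetical authenticator names mapped to factor categories
# (assumed for this example, not DualShield's own list).
FACTOR_CATEGORY = {
    "static_password": "knowledge",
    "security_questions": "knowledge",
    "otp_token": "possession",
    "sms_code": "possession",
}


def satisfying_paths(procedure):
    """Every way a user can pass the procedure.

    A procedure is a list of steps; a step is a list of authenticators.
    Steps are AND-ed, authenticators inside one step are OR-ed, so each
    path picks exactly one authenticator per step.
    """
    return [tuple(path) for path in product(*procedure)]


def weak_paths(procedure, min_categories=2):
    """Paths that span fewer than min_categories distinct factor categories."""
    weak = []
    for path in satisfying_paths(procedure):
        categories = {FACTOR_CATEGORY[name] for name in path}
        if len(categories) < min_categories:
            weak.append(path)
    return weak


# Constructed sample procedures with two steps each.
STRICT = [["static_password"], ["otp_token", "sms_code"]]
LOOSE = [["static_password"], ["otp_token", "security_questions"]]

if __name__ == "__main__":
    for name, proc in (("STRICT", STRICT), ("LOOSE", LOOSE)):
        print(name, "paths:", satisfying_paths(proc))
        print(name, "weak: ", weak_paths(proc))
```

In the LOOSE procedure the second step can be passed with another knowledge factor, so one path through a two-step procedure is still single-factor.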

Step 3: Realm & Domain

In DualShield, an Identity Source refers to a physical medium that stores a database of users, and a Domain is a local structure that uses an identity source to define an organisation of users. Multiple domains can be grouped into a Realm.

An application can be accessed by a domain of users or users from a group of domains (realm). Therefore, an application must be linked to a realm.

Select an existing realm from the list, or press the add (+) button to create a new realm:

Enter the name for the new realm to be created.

Select an existing domain from the list, or press the add (+) button to create a new domain:

Select an existing Identity Source from the list, or press the add (+) button to create a new identity source:

Enter the name of the Identity Source to be created.

DualShield supports internal identity sources that are stored in its SQL database, as well as external identity sources, i.e. LDAP user directories.

Select the type of the identity source, e.g. LDAP.

Select the provider of the identity source, e.g. Active Directory.

Click the “Next” button to continue. 

The page shows how to connect to an Active Directory.

Directory URL: Enter the URL of the LDAP directory to connect to, in the form ldap://ip-address or ldap://host-name

Access User: A user who has the right to access all user accounts in the directory

Base DN: Select the Base DN in the LDAP directory that is to be used to build the domain

Click the “Finish” button (skip the subsequent pages):

DNS Name: The Fully Qualified Domain Name (FQDN) of the domain. DNS Name is used by the IIS Agent for web applications.

NetBios Name: The host or machine name of the domain. NetBios name is used by the Windows Agent for Windows logon.

Click the "Save" button to finish the creation of the new identity source.

Step 4: Summary

Click the "Finish" button to finish the Application Wizard.
