To build an application, you first need to build a realm and a logon procedure for the application.
A realm is a collection of domains.
In the DualShield Admin Console, in the side panel, select "Authentication | Realms"
Click the "Create" button. This will bring up the new realm dialog window:
Select the domain to be included in the new realm, e.g. "deep.net"
Click the "Save" button to finish
A logon procedure must include one or more logon steps. Therefore, to build a logon procedure, you first create the logon procedure and then add logon steps to it.
In the Admin Console, in the side panel, select "Authentication | Logon Procedure"
Click the "CREATE" button on the toolbar
In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"
In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"
Click the "SAVE" button to save it.
Now that a new logon procedure is created, you want to add logon steps.
To add logon steps to a logon procedure or to change its logon steps, first navigate to the logon procedure.
Navigate to Authentication | Logon Procedures
Click the context menu icon "..." of the application to be edited, e.g. "Office 365"
Select "Logon Steps" to bring up the logon steps editor
To add a logon step, click the "ADD" button
Select one or more authentication methods that you want to add to this step, e.g. "One-Time Password"
Click the "SAVE" button to save it
You can change the order of the steps by clicking the "UP" and "DOWN" buttons.
Once you have the logon procedure in place, you need to create an application.
In the Admin Console, in the side panel, select "Authentication | Applications"
Select "CREATE" on the toolbar
Select the Realm to be linked to this application, e.g. Deep.Net
Select the Logon Procedure to be used by this application, e.g. Office 365
Click "SAVE" to save the application.
Finally, you need to publish the application on an authentication agent so that the application is visible to and accessible by users.
To publish an application on an authentication agent, first navigate to the application list by selecting "Authentication | Applications" in the side panel
Click the context menu icon "..." of the application, e.g. "Office 365", to access its context menu
Select "Agents" in the context menu
Select the authentication agent on which the application is to be published, e.g. "Single-Sign-on Server"
Click the "SAVE" button to save the settings
By default, a newly created application inherits its logon policy from the default system logon policy. Creating a dedicated logon policy for the application is optional but recommended, because it gives you clear and granular control over how 2FA or MFA is enforced on users who are allowed to access the application.
To create or edit a policy, we need to open the policy editor window first.
Select "Administration | Policies" on the side panel.
To create a new policy, click the "CREATE" button on the toolbar to open the policy editor window.
In the policy editor, first select Logon from the Category drop-down list
Policy Bindings
Enter or select the following policy bindings:
Holder:
The policyholder defines the scope of the policy.
Name:
A unique name that describes this policy
Applications:
Optionally, you can bind the policy to a specific application or a list of applications. To specify the application(s), select the field: Apply policy to these applications
If the field Apply policy to these applications is left empty, then the policy will be applied to all applications.
Policy Options
There are 3 authentication options:
Multi-Factor Authentication is not required for all users
Multi-Factor Authentication is required for users with tokens only
Multi-Factor Authentication is required for all users
Multi-Factor Authentication is not required for all users
This option means that all users will be exempted from 2FA or MFA. This option is typically used to exempt a group of users from 2FA or MFA.
Multi-Factor Authentication is required for users with tokens only
This option means that users who have a 2FA/MFA token in their account will be required to log in with 2FA/MFA, while users who do not have a 2FA/MFA token will be exempted from 2FA/MFA in the logon process.
Multi-Factor Authentication is required for all users
This option means that all users will be required to log in with 2FA/MFA.
Please note that users in the context of a policy include users in the scope of the policy only, i.e. the policy holder.
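The three policy options, the application binding and the policy holder scope described above can be expressed as a small audit check that lists which users reach an application without 2FA/MFA. This is an added example, not DualShield code or an export format: the record layout, field names and sample users are assumptions constructed for illustration.

```python
# Added example: models the logon policy options described on this page.
# The policy/user record layout is hypothetical, not a DualShield format.

NOT_REQUIRED = "Multi-Factor Authentication is not required for all users"
TOKENS_ONLY = "Multi-Factor Authentication is required for users with tokens only"
REQUIRED = "Multi-Factor Authentication is required for all users"


def policy_applies(policy, application):
    """An empty application binding means the policy applies to all applications."""
    bound = policy["applications"]
    return not bound or application in bound


def mfa_enforced(policy, user):
    """True/False for a user inside the policy holder's scope, None if outside it."""
    if user["name"] not in policy["holder_members"]:
        return None  # the policy only covers users in the scope of its holder
    option = policy["option"]
    if option == REQUIRED:
        return True
    if option == TOKENS_ONLY:
        return bool(user["has_token"])  # users without a token are exempted
    if option == NOT_REQUIRED:
        return False
    raise ValueError(f"unknown policy option: {option!r}")


def password_only_users(policy, application, users):
    """Names of in-scope users who access `application` without 2FA/MFA."""
    if not policy_applies(policy, application):
        return []
    return sorted(u["name"] for u in users if mfa_enforced(policy, u) is False)


# Constructed sample data (not taken from a real deployment).
USERS = [
    {"name": "alice", "has_token": True},
    {"name": "bob", "has_token": False},
    {"name": "carol", "has_token": False},
]
OFFICE_POLICY = {"name": "Office 365 logon", "holder_members": {"alice", "bob"},
                 "applications": ["Office 365"], "option": TOKENS_ONLY}
ALL_APPS_POLICY = {"name": "Strict logon", "holder_members": {"alice", "bob", "carol"},
                   "applications": [], "option": REQUIRED}

if __name__ == "__main__":
    print(password_only_users(OFFICE_POLICY, "Office 365", USERS))
```

Running the check against a "users with tokens only" policy before rollout shows which accounts still need a token assigned before the policy can be tightened to "required for all users".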