If you are new to DualShield, then you might want to first refer to the general instruction on how to build an application in DualShield.

Complete the following steps to build an application for computer MFA logon.

Create logon procedure for computer MFA

For computer MFA logon, the type of logon procedure is called Windows. It is named as such due to historical reasons. 

Below is the general guide for creating a logon procedure in DualShield 

In the Admin Console, in the side panel, select "Authentication | Logon Procedure"

Click the "CREATE" button on the toolbar

In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"

In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"

Click the "SAVE" button to save it.


Now that a new logon procedure is created, you want to add logon steps.

To add logon steps to a logon procedure or to change logon steps, firstly navigate to the logon procedure.

Navigate to Authentication | Logon Procedures

Click the context menu icon "..." of the application to be edited, e.g. "Office 365"

select "Logon Steps" to bring up the logon steps editor

To add a logon step, click the "ADD" button

Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password" 

Click the "SAVE" button to save it

You can change the order of the steps by clicking the "UP" and "DOWN" buttons.

Make sure that the type of the Logon Procedure you have created is Windows 

Once a logon procedure has been created, you need to add logon steps into the newly created logon procedure.

Logon Step for Computer MFA Logon 

The computer 2FA or MFA logon process is a 2-step or multi-step verification procedure. The first step is the AD credential (i.e. AD password) verification, and the second step is the second factor such as one-time passcode etc. The first factor, i.e. AD password, is always required and actually verified by the AD itself, and the second factor, such as an OTP token or FIDO key, is verified by the DualShield MFA server. Therefore, for 2FA, you only need to add one logon step into the logon procedure and you only need to add a second factor into the logon step.

The example below is a logon step that includes 2 authentication options, one-time password and on-demand password, which means that the users will be allowed to authenticate themselves using either of the credentials. 



Create application for computer MFA

In DualShield, an application does not have a type. Therefore, creating an application for any integration is the same. 

In the admin console, in the side panel, select "Authentication | Applications"

Select "CREATE" on the toolbar

Select the Realm to be linked to this application, e.g. Deep.Net

Select the Logon Procedure to be used by this application, e..g. Office 365

Click "SAVE" to save the application.



However, you must select a Logon Procedure that is of the type of Windows. In the example below, we create an application with a name called "Computer Logon" and the logon procedure we select is a logon procedure called "Computer Logon" that we have already created.

 


  • No labels