Create a logon Procedure.
1) In the DualShield Administrator Console go to Authentication>Logon Procedures
2) Click 
3) Configure the Logon Procedure
Name: Friendly Name
Type: Web SSO
Click Save
4) Click on the Ellipses corresponding to the Logon Procedure and Select Logon Steps from the drop down menu.
5) Click 
Tick the box next to Static Password. We will use this as the first Logon Step
6) Click Save
7) Repeat and Add a second step. In this example I shall add One-Time Password.
Create an Application
1) In the DualShield Administrator Console go to Authentication>Applications
2) Click
3) Configure the Application
Name: Friendly Name
Realm: Select a Realm that is bound to your domain
Logon Procedure: Select the new Logon Procedure.
Click Save
4) Click on the Ellipses corresponding to the Application and Select Agents from the drop down menu
5) Put a tick in the box next to the Single Sign-on Server Agent.
6) Click Save
Create the Access Policies.
1) In the DualShield Administrator Console go to Shortcuts>Check Policies
2) Search for the Access Control policy
3) Click on on the top right
4) Configure the group held access policy
Category: Access Control
Holder: Group
Domain: Your domain
Group: The Exchange admin security group, you set up on AD
You can Name the policy anything, but make sure it is something to do with what this policy is about
Apply the policy to the authentication Application you have created.
Set Access to Allowed
Click Save
5) Click on on the top right
6) Configure a domain held deny policy to prevent access from everyone else in the rest of the domain.
Category: Access Control
Holder: Domain
Domain: Specify your domain name
Specify an appropriate name for this policy.
Apply the policy to the authentication Application you have created.
Set Access to Denied