From DualShield Server perspective, Parallels (2X) Remote Application Server (RAS) is an authentication Agent. In order for Parallels (2X) Server to work with DualShield Server, you must register your Parallels (2X) Server with your DualShield Server.
First, enable the Agent Auto Registration function in your DualShield server. In the DualShield Administration Console, navigate to "Authentication | Agents", then click "AUTO REGISTRATION" button in the toolbar.
Select the "Enabled" tickbox, to allow registration of Agents.
You can specify a start and end date, including where registration would be possible. With no dates specified, the allowance will remain ongoing.
For added security, you can specify the IP Address(es) of the remote system that will register the Agent with DualShield, preventing any other remote appliance from registering automatically.
Finally, click "SAVE" to update settings.
Log in to your Parallels (2X) Remote Application Server Console
Select "Connection" on the left pane.
Select the "Second Level Authentication" tab.
Click on the '+' button on the top right
Select Deepnet DualShield from the dropdown
Fill in the name of the MFA Provider and click Next
In the "Server" enter the FQDN or IP of your DualShield Authentication Server.
Select "Enable SSL" if your DualShield Server is installed to operate on SSL mode.
Click "Check Connection".
9. IMPORTANT: IGNORE 'DEEPNET SERVER NOT VALID' MESSAGE. Just click Yes heand the DualShield 2X Agent will be registered.
Click "OK", you will see the following message box:
Click "OK".
Click "Next"
On the next screen click on the ellipses to the right of Application, then double-click the Application you created in Parallels DualShield Configuration from the list of applications
If the machine, hosting Parallels RAS is domain joined, the Default domain should auto-populate.
Next, set the Authentication Mode. There are three options to choose from the drop-down menu.
Mandatory for all users
If this option is enabled, then two-factor authentication is required for all users.
Create tokens for domain-authenticated users
If this option is enabled, then the Parallels (2X) Application Server will ask the DualShield Authentication Server to create a specified token type for user as soon as the user’s domain credential, i.e. AD password is successfully verified.
Use only for users with a Deepnet Account
(This option is deprecated and you do not need to use)
It is recommended that you keep the default Mandatory for all users (seeing as auto-provisioning of tokens can be set on the DualShield Admin Console see Provision MobileID tokens automatically to users)
Click Finish