View Source

Create a Web Logon Procedure

Login to the DualShield Management Console
In the main menu, select “Authentication | Logon Procedure”
Click the “Create” button on the toolbar
Enter “Name” and select “Web SSO” as the type
Click “Save”
Click the Context Menu icon of the newly created logon procedure, select “Logon Steps”
In the popup windows, click the “Create” button on the toolbar
Select the authentication method, i.e. “Static Password”
Click "Save"
Repeat from 7,8 & 9 to create the second logon step, i.e. "One-Time Password"

Create a Web application

In the main menu, select “Authentication | Application”
Click the “Create” button on the toolbar
Enter “Name”
Select “Realm”
Select the newly created logon procedure
Click "Save"
Click the context menu of the newly created application, select "Agent"
Select the SSO Server
Click "Save"
Click the context menu of the newly created application, select "Self Test"

Create a Service Provider

In the main menu, select "SSO | Service Providers", click "Create"
Select the "SSO Server", and enter "Name"
Select "Type" as "WS-Federation"
Click on the "Edit" button to add Attributes

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint01.png

You now need to add attributes that match the 'RoleClaims' and 'identity claims' as specified in the Powershell scripts that will be set up and run in the 'SharePoint Configuration' section.

5. Click 'Create'

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint02.png

6. Create an attribute for the 'RoleClaims'. This will have a fixed value which will contain the name of the role you have setup in the Link Groups script

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint03.png

(Remember to replace NameOfRole with the actual name specified in the RoleClaims)

7. You now create the 'identity claims attributes' which will be mapped to AD attributes. There are usually three attributes containing emailaddress, givenname and surname. (see enable SSO script)

You can map a value as follows:

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint04.png

In the "Maps To" section click on the corresponding search button

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint05.png

Here you will select the Identity Source corresponding with your domain and choose the Email identity attribute from the drop down list.

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint06.png

Remember to make sure Return Response is enabled on all your attributes.

Click Save

8. Repeat the process for givenname and surname attribute mappings until you get a list as below:

DualShield MFA Platform > DualShield Configuration [MS-SP] > Sharepoint07.png

9. Click "Save"

10. Click "Save" at the bottom of the New Service Provider window.