View Source

There may be a requirement to protect a PC that is not joined to the domain or even connected to the same network. We have a solution for this. It is fairly easy to set up, but there are a few extra prerequisites needed in order to get this working

Prerequisites

Make a note of the host name of the computer. In this case it is 'ABC'

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > NoDom1.png

Create some local user accounts and make sure the Administrator account is active.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > NoDom3.png

Create a Virtual Domain (This is required as the Stand-alone machines' host name will act as it's own domain.)

Login to the DualShield Administration Console and go to Identity>Identity Sources

Click on on the top right.

It is recommended to specify the hostname of the Non-Domain joined machine as the friendly name of this identity source.

Also, make sure the Type is set to SQL

Click Finish

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > nondom11.png

Go to Directory>Domains

Click on on the top right.

In the 'Domain-New' Dialogue box, select the Identity Source that you have just created from the drop-down

It is recommended to match the Name, DNS Name and NetBIOS Name with the hostname of the Stand-alone machine

Click Save

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > nondom12.png

The Virtual domain will now be listed under Domains.

Click on the corresponding ellipses ad select Users from the menu

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > nondom13.png

Create an Application

Authentication> Applications

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > CompleteFTP5.png

Click on on the top right.

In the new Application window, please enter the following information:

Option	Value
Name:	Enter a friendly name
Realm:	Select your Realm
Logon Procedure:	Select the Logon Procedure you had created in the previous step

Click: Save

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera3.png

Bind the Application to an SSO Server Agent

Select the drop down menu corresponding to the Application you will be using and click on Agents.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera4.png

Tick the box of the SSO Server you will be using and click Save below.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-14_17-55-0.png

Create a Service Provider Profile

Go to SSO>Service Providers

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera19.png

Click on on the top right.

Fill in the details as per screenshot on right and make sure you select SAML 2.0(Without Metadata) as Type.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera5.png

Now fill out Entity ID and ACS URL.

Option	Value
Entity ID:	https://prefix.yourdomainname.com
ACS URL:	https://prefix.yourdomainname.com/ServicesPortal/saml

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera6.png

The completed Service Provider dialogue box will look like this:

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera7.png

Click Save.

Download the IDP Metadata file.

Go to SSO>SSO Servers

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-15_14-49-15.png

Select the drop down menu corresponding to the SSO server you will be using and click on Download IDP Metadata.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-15_14-51-57.png