Configuring Parallels RAS for Deepnet
List of Supported Tokens
- SecureID (RSA)
- DigiPass (Vasco)
Connect to Deepnet Unified Authentication
- In the RAS Console, select the Connection category and then click the Multi-factor authentication tab.
- In the Provider drop-down list, select Deepnet and click the Settings button. The Deepnet Properties dialog opens.
- On the Connection tab, enter the server name and port that you saved while setting up your authentication sever. By default, the port number is set to 8080. Click on Check Connection to test that your Authentication Server can be reached. You can choose to connect over SSL to your authentication server.
- Click the Application tab.
- Select the application profile that will use Deepnet to authenticate its users. You can also create an application which will be added on the Deepnet server.
- The Default Domain field enables you to choose the default domain user for authentication and when users are added. Any Deepnet user accounts imported or verified will be done so using this default domain.
- Select the Use LDAP option when importing Deepnet user accounts and a group that contains other sub-groups.
- Click the Import Deepnet user accounts… button to automatically add the specified users/groups to the Deepnet application.
- Click the Verify Deepnet user account names button to check that all users in the Deepnet application are in the following format: \\domain\username. Users added in the format of username@domain will be automatically changed to the appropriate format and users without a domain will have the default domain assigned to them.
- Click the Authentication tab.
- In the Mode drop-down list, select the mode how you want your users to be authenticated:
- Mandatory for all users means that every user using the system must log in using two-factor authentication.
- Create token for Domain Authenticated Users will allow Parallels RAS to automatically create software tokens for Domain Authenticated Users. Choose a token type from the drop down list. Note that this option only works with software tokens.
- Use only for users with a Deepnet account will allow users that do not have a Deepnet account to use the system without having to log in using two-factor authentication. Note that if a user has a Deepnet account, but the account is configured as not required to use 2FA, the AD authentication will be used instead.
- In the Allow Channels section, you can specify what channels are available to the user to activate the token or when requesting a Quick ID OTP. For example, if you select Email, the activation code can be sent only via email. If you select SMS, the activation code is sent via SMS.