IDaaS ISAPI Filter
The IDaaS ISAPI Filter solution provides strong second-factor authentication to Microsoft Outlook Web Access (OWA), Remote Desktop Web Access (RD Web Access), Integrated Windows Authentication (IWA), SharePoint, and generic TMG forms-based authentication types. The solution is made up of two components: the filter component and the authentication application component.
Users logging in to ISAPI must complete two authentication challenges. For first-factor authentication, use one of the ISAPI default authentication methods listed in the table below (such as entering an ISAPI account password).
ISAPI supports the following first-factor authentication methods:
| ISAPI authentication method | Identity as a Service authentication method |
|---|---|
| ISAPI first-factor authentication | Based on the Identity as a Service Resource Rule. Note: Skip Password is not supported. It must be set to Password or External. |
| Entrust password authentication | Password |
| Outlook Web Access (OWA) authentication | EXTERNAL |
| Remote forms-based authentication | EXTERNAL |
| Integrated Windows authentication | EXTERNAL |
| External authentication | EXTERNAL |
The following authenticators are supported for second-factor authentication
- Token (software and hardware)
- Push notification
- One-time password
- Grid
- Temporary Access Code
- Knowledge-based authentication
This integration provides the instructions to add Entrust ISAPI Filter to Identity as a Service.
Integrate ISAPI Filter
-
To complete this procedure, you need to reference the Entrust Identity ISAPI Filter 13.0 Technical Integration Guide available on Entrust TrustedCare.
noteTo ensure that you are using the latest version of the document, it is best to download the document from Entrust Trusted Care.
-
Add IDaaS ISAPI Filter to Identity as a Service
- Click > Security > Applications. The Applications page appears.
- Click Add. The Select an Application Template page appears.
- Do one of the following:
- Select Identity as a Service Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.
- In the Search bar, enter a search option to filter for the application you want to add to IDaaS.
- Click IDaaS ISAPI. The Add IDaaS ISAPI page appears.
- In the Application Name field, type a name for your application.
- In the Application Description field, type a description for your application.
- Optional. Add a custom application logo as follows:
- Click next to Application Logo. The Upload Logo dialog box appears.
- Click to select an image file to upload.
- Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.
- If required, resize your image.
- Click OK.
- Click Next. The General Settings page appears.
- Select Not Provided as the Source of the Client IP Address for Risk Conditions.
- Select Do not use IP Address for Resource Rule Risk Factors if you only want to use the IP address for Audits but not for the resource rule risk conditions.
- Click Submit. The Application ID is generated. You need to provide this information when you install the ISAPI Filter.
- Click Done.
-
Be sure to copy the Application ID. You need this ID to complete the installation of the ISAPI Filter for Identity as a Service.
-
note
When used for OWA protection, the ISAPI module requires that the first factor be set to External in the Identity as a Service Resource Rule. If this is set to Skip Password or Password, the user authentication from OWA will fail.
-
Using the Entrust ISAPI Filter documentation, complete the following:
-
Install the Entrust ISAPI Filter (see the section Installing the Entrust ISAPI Filter).
-
Configure ISAPI or Identity as a Service (see the section, Configuring ISAPI Filter for Identity as a Service).