Using the secure access wizard, Overview, 4 using the secure access wizard – HP Identity Driven Manager Software Licenses User Manual
Page 179
4-1
4
Using the Secure Access Wizard
Overview
The Secure Access Wizard (SAW) feature in IDM is designed to simplify the initial
setup of IDM by reducing the complexity of securing the network edge. SAW
facilitates the process of securing the network edge by targeting a group of devices
and using a highly intuitive GUI to configure network access rather than configuring
each device via CLI. Some major features of SAW include:
■
Setting the RADIUS server IP address and shared secret for a group of
devices
■
Setting the authentication methods for a group of devices
■
Configuring the authentication methods
Once you have decided to deploy IDM, you now need to secure the network edge by
enforcing 802.1X, Web-Auth, MAC-Auth, or any combination of the three (if
supported). There are several steps involved when a securing an edge device,
including:
■
Configuring all supplicant ports with 802.1X, Web-Auth or MAC-Auth
(preferably 802.1X for a more secure environment)
■
If 802.1X is chosen, selecting the authentication protocol, EAP or CHAP
■
Enabling session accounting so that IDM correctly detects user login and
log out
■
Optionally setting the interim update period
■
Optionally setting the re-authentication time-out
■
Adding the RADIUS server and the shared secret (key)
■
Activating the port authenticator
These steps need to be executed on all edge devices and will vary between wired and
wireless devices.