
1.0 Introduction, 1.1 Scope of Document, 1.2 Prerequisites – HID Juniper and 4TRESS AS User Manual


ActivIdentity 4TRESS FT2011 Web Tokens and Juniper Secure Access | RADIUS Channel Integration Handbook


External Use | May 1, 2012 | © 2012 ActivIdentity

1.0 Introduction

The Juniper® Networks SA Series SSL VPN Appliances enable remote and mobile employees, customers, and partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure access via a VPN over existing Internet connections requires strong, two-factor authentication to protect resources. The ActivIdentity solutions that work with Juniper Networks incorporate SSL VPN solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:

• ActivIdentity® 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.

• ActivIdentity 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, Radius, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to set up ActivIdentity 4TRESS FT2011 Web token authentication with the Juniper Networks Secure Access (SA) Series of appliances via a RADIUS channel. Use this handbook to enable authentication via a Web soft token for use with an SSL-protected Juniper VPN.

1.2 Prerequisites

• ActivIdentity 4TRESS Authentication Server FT2011.

• Juniper SA version 7.1.x installed and configured.

• The Web soft token is configured to work with or without a PIN.

• Users have static LDAP passwords for access to the Soft Token Portal to enroll web tokens.

• The Juniper login page has been customized.

• The ability to manage double authentication (LDAP, RADIUS) sequentially from the same sign-in page on the Juniper network.

Note: Using Juniper double authentication (an LDAP password plus a one-time password) is optional. You can configure the sign-in page so that users do not have to use static LDAP passwords.