
0 introduction, 1 scope of document, 2 prerequisites – HID Juniper and AAA Server User Manual

Page 4: Introduction, Scope of document, Prerequisites


ActivIdentity 4TRESS AAA Web Tokens and Juniper Secure Access | Integration Handbook


External Use | May 1, 2012 | © 2012 ActivIdentity

1.0 Introduction

The Juniper® Networks SA Series SSL VPN Appliances enable remote and mobile employees, customers, and partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure access via a VPN over existing Internet connections requires strong, two-factor authentication to protect resources. The ActivIdentity solutions that work with Juniper Networks incorporate SSL VPN solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:

ActivIdentity® 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.

ActivIdentity 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to set up ActivIdentity 4TRESS AAA Web token authentication with the Juniper Networks Secure Access (SA) Series of appliances. Use this handbook to enable authentication via a Web soft token for use with an SSL-protected Juniper VPN.

1.2 Prerequisites

The ActivIdentity 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.

Juniper SA version 7.1.x installed and configured.

The Web soft token is configured to work with or without a PIN.

Users have static LDAP passwords for access to the Self Help Desk to enroll web tokens.

The Juniper login page has been customized (illustrated in this handbook).

The ability to manage double authentication (LDAP, RADIUS) sequentially from the same sign-in page on the Juniper network.

Note: Using Juniper double authentication (an LDAP password plus a one-time password) is optional. You can configure the sign-in page so that users do not have to use static LDAP passwords.