
0 introduction, 1 scope of document, 2 prerequisites – HID Juniper and ActivID AAA OOB User Manual


4TRESS AAA Out-of-Band Authentication (SMS) and Juniper® Secure Access | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


1.0 Introduction

The Juniper® Networks SA Series SSL VPN Appliances enable remote and mobile employees, customers, and
partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure
access via a VPN over existing Internet connections requires strong, two-factor authentication to protect
resources. The HID Global Identity Assurance™ solutions that work with Juniper Networks incorporate SSL VPN
solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. There are two
solutions:

• 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce
remotely accessing systems and data.

• 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for
diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and
password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to set up 4TRESS AAA RADIUS out-of-band (OOB) authentication with the Juniper
Networks Secure Access (SA) Series of appliances. Use this handbook to enable authentication via OOB short
message service (SMS) for use with a Juniper VPN.

1.2 Prerequisites

• 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.

• User phone numbers are stored in the LDAP server.

• Juniper SA version 7.1.x installed and configured.

• Users have static LDAP passwords.

• There is an existing Short Message Peer-to-Peer Protocol (SMPP) gateway to send one-time-password OOB
codes to users.

• The Juniper login page has been customized (illustrated in this handbook).

• The ability to manage double authentication (LDAP, RADIUS) sequentially from the same sign-in page on the
Juniper network.

Note: Using Juniper double authentication (an LDAP password plus an out-of-band, one-time
password) is optional. You can configure the sign-in page so that users do not have to use static
LDAP passwords.