0 introduction, 1 scope of document, 2 prerequisites – HID Juniper and ActivID AS OOB User Manual

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access | RADIUS Channel Integration Handbook
External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
1.0 Introduction
The Juniper® Networks SA Series SSL VPN Appliances enable remote and mobile employees, customers, and
partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure
access via a VPN over existing Internet connections requires strong, two-factor authentication to protect
resources. The HID Global Identity Assurance™ solutions that work with Juniper Networks incorporate SSL VPN
solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. HID Global Identity
Assurance offers two solutions:
• 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile
workforce remotely accessing systems and data.
• 4TRESS Authentication Server (AS)—Offers support for multiple authentication methods that are
useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including
user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft
tokens.
1.1 Scope of Document
This document explains how to set up 4TRESS FT2011 RADIUS out-of-band (OOB) authentication with the
Juniper Networks Secure Access (SA) Series of appliances. Use this handbook to enable authentication via OOB
short message service (SMS) and Email for use with a Juniper VPN.
1.2 Prerequisites
• 4TRESS FT2011.
• User phone numbers and Email addresses are stored in the LDAP server.
• Juniper SA version 7.1.x installed and configured.
• Users have static LDAP passwords.
• There is an existing Short Message Peer-to-Peer Protocol / Simple Mail Transfer Protocol
(SMPP/SMTP) gateway to send one-time-password OOB codes to users.
• The Juniper login page has been customized.
• Ability to manage double authentication (LDAP, RADIUS) sequentially from the same sign-in page on
the Juniper network.
Note: Using Juniper double authentication (an LDAP password plus an out-of-band, one-time
password) is optional. You can configure the sign-in page so that users do not have to use static
LDAP passwords.