Secure Mobile Access 100 10.2 Administration Guide

Introduction
Using Virtual Office
- Virtual Office Configuration
  - Virtual Office
    Virtual Office Overview
    Using the Virtual Office
  - SMA Connect Agent
    Supported Operating Systems
    Downloading and Installation
    Setting up the SMA Connect Agent
    Proxy Configuration
    Logs
    Browser Warning
    End Point Control (EPC)
    PDA (Personal Device Authorization)
    SonicWall Application
SonicWall Support
- About This Document

DUO Security Authentication

The SMA series supports DUO Security Authentication during user login. DUO Security Authentication login is now supported for different clients such as web browsers and Mobile Connect clients.

About DUO Authentication

DUO has several options for securing your authentication of users. Refer to information on the DUO website to determine which method works best for your SonicWall solution.

There are three main methods the receiver can use to authenticate with DUO :

DUO push: A prompt comes up on the screen from the DUO app that has been downloaded on the user’s mobile device.
Phone call: A call comes to the mobile device requesting the user to click one or more buttons to authenticate.
Passcode: A passcode comes by email or SMS/Text to the user’s mobile device, which the user then enters as part of the authentication process.

About RADIUS

RADIUS is a protocol or language SMA uses to authenticate users through the DUO authentication process. The SMA appliance uses RADIUS to communicate with the DUO authentication system.

DUO Security Authentication with SMA appliance

Configure SMA for multi-factor authentication using the following steps

Log in to the SMA appliance and navigate to Portals > Domains.
Add a new domain by clicking Add Domain.
Create a new RADIUS domain for DUO Authentication.
Navigate to Portals > Portals and modify the default portal for duo authentication.
On the General tab, select Display login message on custom login page to display custom login messages at login.
Remove the default Login Message and paste in the “<script src="https://api-f74dbf3b.duosecurity.com/frame/hosted/Duo-SonicWall-SRA-v1.js"></script>” message.
Access the user portal and choose DUO Authentication using the Radius credential for authentication.
Choose an authentication method for DUO Authentication and proceed with the login.
All three options, DUO Push, Call Me, or Passcode can be approved through a DUO application installed on a mobile device to proceed with the authentication.

Creating an Offloaded Web Application Portal

Log in to the user portal with DUO Authentication as the default user portal.
Navigate to Portals > Portals after logging in to the appliance using the Admin portal.
Click Offload Web Application to create an offloaded portal.
Click Next. On the Server page, enter the Application Server Address along with options selected as shown here.
Click Next twice. Remove the default Login Message and paste in the “<script src="https://api-f74dbf3b.duosecurity.com/frame/hosted/Duo-SonicWALL-SRA-v1.js"></script>” message.
Edit the DUO Radius domain to associate it with the DUO offloaded portal.
Edit the duo portal and paste the “<script src="https://api-f74dbf3b.duosecurity.com/frame/hosted/Duo-SonicWall-SRA-v1.js"></script>”duo security portal API configuration script into the Login Message field.
Enable Display custom login page and select Display login message on custom login page.
Access the offloaded portal (host entry is required if the DNS is not being used) and choose the duo authentication domain for duo authentication.
DUO Push, Call Me, or Passcode can be approved from a duo application installed on a mobile device to proceed with the authentication.
Ensure you have successfully accessed the offloaded portal with duo authentication.

Duo Security Authentication with Web Browser Login

For Duo Security Authentication with a Web Browser Login, after setting up the DUO portal configuration, you can login to a portal with DUO authentication in a web browser. Input a User Name and Password within a Radius domain. Prompt the DUO authentication page and select one authentication method such as Send Me a Push, Call Me, or Enter a Passcode. Click Login. After completing the DUO authentication, you should be redirected back to the portal.

The following screen indicates successful DUO authentication with the user portal.

DUO Security Authentication with Mobile Connect for iOS

For DUO Security Authentication with Mobile Connect for iOS, click connect for an SMA connection. Input a User Name and Password. Open the DUO Security Authentication page as a WKWebview page in your default browser. Select one authentication method such as Send Me a Push, Call Me, or Enter a Passcode. Click Login. WKWebview returns an error message if all conditions are not met.

DUO Security Authentication with Mobile Connect for macOS

For DUO Security Authentication with Mobile Connect for macOS, click connect for an SMA connection. Input a User Name and Password. Open the DUO Security Authentication page in your default browser. Select one authentication method such as Send Me a Push, Call Me, or Enter a Passcode. Click Login. After completing the DUO authentication, you should be redirected back to the portal.

DUO Security Authentication with Mobile Connect for Android

For DUO Security Authentication with Mobile Connect for Android, click connect for an SMA connection. Input a User Name and Password. Open the DUO Security Authentication page in your default browser. Select one authentication method such as Send Me a Push, Call Me, or Enter a Passcode. Click Login. After completing the DUO authentication with Mobile Connect, you should be redirected back to the portal.

< Prev Section

Next Section >