Watchguard XTM and Active Directory

Watchguard XTM and Active Directory

Dominic
I currently use IPSEC VPN with AD integration provided by a Watchguard and SBS2008. I want to implement some form of strong authentication and this software seems to be a viable option for me. I need to know for my testing purposes how to have a group with users that are allowed to use the VPN populated into the WiKID system. I don't want to have to create users manually for all VPN enabled accounts. I want to be able to create a group in my AD infrastructure and have every user I add to the group able to authenticate with this. Is this possible? What steps do I need to take to get it set up? I saw some of the guides that are available but none of them deal with this directly. I would more than likely want to use the enterprise version so if testing goes well, I will purchase directly.

Thanks.
Re: Watchguard XTM and Active Directory

Nick Owen
Administrator
Dominic:

WiKID uses asymmetric keys generated on the tokens that are then
exchanged with the server. This means that there are no shared secrets
that we might keep for licensing or that you would have to keep
secure. However, it also means that this exchange must occur.

What we recommend is that you use the example registration scripts we
provide on the server to let users register themselves on the WiKID
server. The scripts should be secured, for example by only being
available on your LAN. Please see
http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-let-users-add-themselves-using-ad-credentials.

The users will log in with their AD credentials and be asked to enter
the registration code. Once they do, the scripts will validate that
user. They can then add a second token under the same username.

Alternatively, you can do pre-registration.  This only works for the
PC tokens, however.  Please see this page:
http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-configure-pre-registration-of-users.
 When the users start the token, they will be prompted for their PIN
twice and the pre-registration secret.  Once entered, they will be
registered. Obviously, this method depends upon the security of the
pre-registration secret.

HTH,

Nick


On Sat, Aug 18, 2012 at 4:35 PM, Dominic [via WiKID Strong
Authentication Forums] <[hidden email]>
wrote:

> I currently use IPSEC VPN with AD integration provided by a Watchguard and
> SBS2008. I want to implement some form of strong authentication and this
> software seems to be a viable option for me. I need to know for my testing
> purposes how to have a group with users that are allowed to use the VPN
> populated into the WiKID system. I don't want to have to create users
> manually for all VPN enabled accounts. I want to be able to create a group
> in my AD infrastructure and have every user I add to the group able to
> authenticate with this. Is this possible? What steps do I need to take to
> get it set up? I saw some of the guides that are available but none of them
> deal with this directly. I would more than likely want to use the enterprise
> version so if testing goes well, I will purchase directly.
>
> Thanks.



--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication