Hi,
Can safeguard be integrated with defender?, So it can provide 2FA in one of 2 cases
1- login to safegaurd
2- login to SSH or RDP session using OTP Adding to Password authentication
Hi,
Can safeguard be integrated with defender?, So it can provide 2FA in one of 2 cases
1- login to safegaurd
2- login to SSH or RDP session using OTP Adding to Password authentication
Hi Mahmoud,
1. Yes SPP supports adding a Radius Server as secondary authentication for user login to SPP and Defender is a Radius Server.
2. SPS also supports adding a AA Plugin for Radius which can be configured to point to Defender to add OTP on SSH or RDP sessions proxied via SPS.
Thanks!
Do you have documentation guide how to do it ?
The SPP admin guide has a section on adding Radius as a secondary authentication for SPP login here:
This assumes that you already have Defender Server installed and configured to accept authentications from SPP nodes (Defender is the Radius Server in this example)
SPP will then point to Defender for Radius Secondary authentications to prompt for 2FA
Thanks!
Hi Tawfiq
How to define access node for SPP ?
as I know we define access node to secure windows based computers , Unix systems , VPN access and secure access websites for application hosted on IIS server.
Also we always need a defender agent installed on the systems that we have to protect.
Defender Access node for SPP would the same as a Windows based Access node but no Defender Desktop Client is needed to be installed on SPP because it is a hardened appliance and no access to the OS, instead SPP supports Radius without the need for the agent:
In the Defender Access node, Include the IP address range of all SPP Nodes
You can use a different authentication port (For example 1645 instead of 1812) if you prefer not to conflict with other access nodes using similar IP address range
Type: Radius Agent
Defender policy is Token only
Then in SPP, you would add the Radius settings as Secondary authentication (SPP > Safeguard Access > Identity and authentication > Radius > Secondary Authentication) pointing to Defender IP address with same port and shared secret as in the Access node in Defender
Then enable secondary authentication on the user settings in SPP selecting Radius as secondary authentication.
Thanks!
You may also need to disable push notification on Defender side if you are running Defender 6.2 or above as it may not work correctly yet with SPP
To disable Push notifications in Defender, add the registry key below on all Defender security servers:
thanks for your reconnandations.
I have installed Defender 6.1
I am testing and send you feedback
thanks for your reconnandations.
I have installed Defender 6.1
I am testing and send you feedback