 EasyAccess 4.3 Getting Started Guide
|
Next |
|---|
| EasyAccess 4.3 Getting Started Guide
|
Next |
|---|
![[Note]](images/note.png) |
Note: This document is also available in other formats |
|---|---|
|
A PDF version of this document along with all current and older documentation in PDF format can be found at https://my.clavister.com. It is also available as a single HTML page. |
Introduction
The Clavister EasyAccess product is a server based, on-premises software product that provides multi-factor authentication services. This guide will go through both installation of the product as well as describing some of the basic setup procedures for different scenarios once the EasyAccess server is running.The topics covered will include the following:
Installing the EasyAccess server.
Accessing the EasyAccess configuration manager web interface.
Setting up access to a user store (in other words, access to a database of users).
Setting up RADIUS authentication servicing, optionally with different kinds of multifactor authentication.
Setting up different types of federation (SAML) scenarios.
Enabling authentication management by users themselves through the self service feature.
Note that this guide only covers setup of the EasyAccess server. It does not cover setup of a client device or how to make use of the self service feature.
Compatible Hardware Platforms
The EasyAccess server software can be installed on any of the following platforms:Linux™ (64 bit).
Windows™ 10 or 11 (64 bit).
Windows Server™ 2008, 2012, 2016 (64 bit).
Resource Requirements
The following are the minimum hardware resource requirements for the EasyAccess server running on all platforms:RAM memory requirements:
A minimum of 2 GBytes RAM for installations with up to 10,000 users.
A minimum of 4 GBytes RAM for installations with between 10,000 and 100,000 users.
For greater user numbers, consult with support personnel.
A minimum of 5 GBytes free disk space.
The EasyAccess server is not highly CPU intensive so a hardware platform providing a single CPU can be sufficient in many scenarios. However, a dual core CPU is recommended.
Virtual Environment Support
Virtual environments such as VMware and Microsoft Hyper-V are supported.Using a Reverse HTTP Proxy is Recommended
After installation, the EasyAccess server is best protected from the Internet by being on a DMZ type network with a private IP address. This means that there must be some means of SAT address translation from a public IP for incoming connections.The recommendation is to place a reverse proxy between the Internet and the EasyAccess server and to configure the proxy to allow the expected external client access to the server. This may also include installing the appropriate SSL certificate on the proxy which clients can accept, instead of configuring this in EasyAccess.
The selection and detailed setup of reverse proxy software is outside the scope of this publication. However, below is a list of the recommended proxy translations, where the first parameter is the URI of the incoming connection and the second parameter is the translated URL, where EA_SERVER represents the private IP address of the EasyAccess server.
"/config" => "https://EA_SERVER:8443/config"
"/mfaadmin" => "https://EA_SERVER:8443/mfaadmin"
"/selfservice" => "https://EA_SERVER:8443/selfservice"
"/authenticate" => "https://EA_SERVER:8443/authenticate"
"/saml" => "https://EA_SERVER:8443/saml"
"/oidc" => "https://EA_SERVER:8443/oidc"
"/pki" => "https://EA_SERVER:8443/pki"
"/push" => "https://EA_SERVER:8443/push"
"/activateonetouch" => "https://EA_SERVER:8443/activateonetouch"
"/myapps" => "https://EA_SERVER:8443/myapps"
"/pss" => "https://EA_SERVER:8443/pss"
If preferred, the protocol used could be HTTP with the port number 8080.
