|
|
|
|
Kaseya introduces a new addon module with this release, integrating Passly (AuthAnvil) identity and access management (IAM) solution with the Kaseya VSA. Integration with the VSA comprises a suite of three services called collectively AuthAnvil Password Solutions.
Important Note: In the case where a user account or IP address is whitelisted in the AuthAnvil two-factor module, the same user account and/or IP address will be subject to Kaseya’s native two-factor authentication.
Two Factor Authentication
Integration enables two factor authentication for:
Alerts and logging are provided for all two factor authentication activity. Active Directory integration is supported. You can optionally enable endpoints with a "queue" of passcodes to support authentication when endpoints cannot connect to a network, for example laptops out in the field.
Password Server
The same AuthAnvil module includes integration with Password Server. Password Server is used to configure and store all the credentials VSA administrators are required to work with, on behalf of multiple customers. Password Server includes the ability to set policies for credentials, control user access to each credential using personal, private and shared vaults, schedule password updates, and maintain logs of credentials usage. Password Server supports both SAML-enabled logons that allow immediate access and logons that require a business workflow to complete the logon. Password Server can optionally include the two factor authentication credentials you’ve created using the Two Factor Authentication service.
Note: Password Server is not supported in SaaS environments.
Single Sign On
A credential, with or without two factor authentication, can be added as a "menu app" item to the Single Sign On service. Once the Single Sign On menu is configured, the VSA user only needs to authenticate once—typically using two factor authentication—to gain access to this menu. Clicking any app in the menu provides instant access to any other resource without having to re-authenticate. The three services, integrated with the VSA, handle all authentications entirely behind the scenes, providing immediate, highly- secure access to all the machines you manage.
One of the applications you can add to your Single Sign On menu is an app to logon to the VSA. That means the Single Single On menu becomes the front end for user access to both the VSA and all other authentications VSA users require to perform their daily tasks.
You can also add Password Service itself as an app to the Single Sign On menu.
Agent Procedure Approvals using Two Factor Authentication
Instead of signing and then approving agent procedures using two different VSA users, you can now sign and approve your own agent procedures using your own 2FA passcode, if Two Factor Authentication has been enabled for your VSA user.
Installation
The AuthAnvil integration addon module for VSA is installed by default at no charge when you upgrade to R91. AuthAnvil is purchased separately. All three AuthAnvil services must be installed on a separate system from the KServer. Usually all three services are installed on the same system, along with the database server used by the AuthAnvil services.