Virtual System Administrator™ supports single sign-on integration with Passly (Authanvil) On Demand, a cloud-based identity and access management web service.
A user initially logs into Passly (Authanvil) On Demand using multi-factor authentication, a strengthened method of user identification. This is the only time the user authenticates to access many different applications, hence the name 'single sign-on'.
Inside Passly (Authanvil) On Demand the user is shown a page of single sign-on apps. This can include a single sign-on app for the Virtual System Administrator™.
The user clicks any app's icon to immediately access that application. Passly (Authanvil) On Demand manages the specific logon requirements for each app, including periodic password changes if necessary, without the user's involvement.
Configuring the Passly (Authanvil) On Demand Kaseya App
Log into Passly (Authanvil) On Demand.
Select SSO Manager.
Click the add icon, then the book icon to select the Kaseya app template icon.
Click the Application Configuration tab.
Change Image - Optionally upload an icon for your new application.
Application is Enabled - Check to enable this application.
Give your application a name - Enter a name for your new application. You may wish to identify the specific VSA being accessed in the name.
Authentication Policy - Select an authentication policy.
Click the Protocol Setup tab.
Protocol Type - Select SAML SP-init.
Reply to URL - Replace the string kaseyamachine with your VSA domain name. For example change http://kaseyamachine/vsapres/web20/core/ssologin.aspx with http://yourVSAname/vsapres/web20/core/ssologin.aspx
Select Advance Settings on the same tab.
Signing Algorithm - Select SHA-256 for stronger encryption.
Select the Attribute Transformation tab.
Confirm the User.EmailAddress custom attribute mapping displays.
This setting matches the email address of the Passly (Authanvil) On Demand user with a VSA username formatted as the same email address to access the VSA.
Click the Permissions tab.
Click Add Groups to add the user groups that will have access to your new application.
Note the email addresses of all users assigned the Kaseya app. You will need to know this when configuring the VSA.
Click the Signing and Encryption tab.
Click Download.
A *.cer file is downloaded to your local machine.
Configuring the VSA
Log into the VSA.
On the System > Users page, for each VSA user who will be accessing the VSA from Passly (Authanvil) On Demand:
Create or rename the username formatted as the user's email address.
Each VSA user's username must match the email address of the Passly (Authanvil) On Demand user assigned the Kaseya app.
Note: VSA users can still log on manually using their VSA username and password. Passly (Authanvil) On Demand provides an alternate method of logging in that ignores the VSA password.
On the Auth Anvil > Configure Kaseya Logon page:
Select Certificate - Click to display additional options.
Choose File - Click to select the *.cer file you downloaded from Passly (Authanvil) On Demand.
Import Certificate - Click to upload the *.cer file.
Reply to URL - Enter the following URL, replacing the <yourVSAname> with your VSA name. This should match step 5 in Configuring the Passly (Authanvil) On Demand Kaseya App above.
icon, then the book icon to select the