Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting Started with Content Gateway > Accessing the Content Gateway manager > Configuring Content Gateway for two-factor authentication
Configuring Content Gateway for two-factor authentication
Help | Content Gateway | v8.4.x
Two-factor (certificate) authentication (not available with Forcepoint DLP Web Content Gateway):
*
Is configured for and applies to the Forcepoint Security Manager only.
*
Requires administrators to provide 2 forms of identification to log on.
*
Can be made to apply to the Content Gateway manager by forcing administrators to log on to the Forcepoint Security Manager before accessing the Content Gateway manager.
*
Requires single sign-on to be configured for administrators allowed access to the Content Gateway manager.
*
Requires that the password logon capability be disabled on Content Gateway (see below), preventing administrators not configured for single sign-on from accessing the Content Gateway manager. If Content Gateway is deployed on an appliance, password access is disabled using an appliance command. See your Forcepoint appliance documentation.
For more information about configuring two-factor authentication, see "Configuring Certificate Authentication" in Forcepoint Security Manager Help.
Disabling and enabling Content Gateway password logon
The Content Gateway manager password logon can be disabled to allow two-factor authentication only, or single sign-on access from the Forcepoint Security Manager.
 
* 
Important 
If Content Gateway is installed on an appliance, see your appliance documentation for details.
To disable password logon:
1.
Make sure members of the Super Administrators group in the Web module of the Forcepoint Security Manager have Content Gateway Direct Access (single sign-on) permissions.
2.
If two-factor authentication will be used, set up two-factor authentication in the Security Manager.
3.
Log on to the Content Gateway host system and acquire root privileges.
4.
Change directory to "/etc" and check to see if there is a "websense" subdirectory. If not, create one ("mkdir websense").
5.
Change directory to "websense" (path is now "/etc/websense") and check to see if the file "password-logon.conf" exists.
6.
If not, create it ("touch password-logon.conf".
7.
Edit "password-logon.conf".
8.
Add the line, or modify the existing line to:
password-logon=disabled
9.
Write and exit the file.
The change takes effect immediately. There is no need to restart Content Gateway.
To re-enable password logon for all administrators:
1.
Log on to the Content Gateway host system and acquire root privileges.
2.
Navigate to the /etc/websense directory.
3.
Edit password-logon.conf and change:
password-logon=disabled
to:
password-logon=enabled
4.
Write and exit the file.
The change takes effect immediately. There is no need to restart Content Gateway.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting Started with Content Gateway > Accessing the Content Gateway manager > Configuring Content Gateway for two-factor authentication
Copyright 2017 Forcepoint. All rights reserved.