Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring TRITON Settings > Configuring two-factor authentication
Configuring two-factor authentication
TRITON Manager Help | Web, Data, and Email Protection Solutions | v8.0.x
Use the TRITON Settings > Two-Factor Auth page to manage the use of two-factor authentication for administrator logons.
 
* 
Note 
Only Global Security Administrators can access this page.
Two-factor authentication requires administrators to provide 2 forms of identification when logging on to TRITON Manager.
TRITON administrators can be granted single sign-on access to other Websense management consoles (Appliance Manager and Content Gateway Manager). To use this functionality with two-factor authentication:
*
Appliance Manager: Set up single sign-on permissions for administrator accounts (see Configuring an existing appliance for single sign-on, page 38).
*
Content Gateway Manager: Disable password authentication for Content Gateway Manager (see "Configuring Content Gateway for two-factor authentication" in the Content Gateway Help).
Access to TRITON Mobile Security is not covered by two-factor authentication: you must log on to the cloud-based console using your regular username and password.
The following methods are available:
*
RSA SecurID® authentication (see How does RSA SecurID authentication work?, page 29)
*
Certificate authentication (see How does certificate authentication work?, page 31).
If you choose to enable RSA SecurID authentication:
*
You must be running RSA Authentication Manager 6.1.2 or higher.
*
Ensure only one NIC is configured and enabled on your TRITON Management Server.
*
You must first create a custom agent for TRITON Manager in your RSA Authentication Manager (see Creating a custom agent for RSA SecurID authentication, page 29).
*
Certificate authentication is automatically disabled. If you have previously enabled certificate authentication and then enable RSA SecurID authentication, a warning message appears.
To set up TRITON Manager RSA SecurID authentication:
1.
Mark Authenticate administrators using RSA SecurID authentication.
2.
Enter a valid Username and Passcode for RSA SecurID logon.
The user must be able to authenticate with RSA Authentication Manager, but does not have to be a TRITON administrator.
3.
Click Test Connection to RSA Manager.
You must successfully test the connection to your RSA Authentication Manager before you can save your changes on this page. The results of the test are displayed next to the Test Connection button; for more information on these results, see Test Connection to RSA Manager results, page 30.
1.
To allow administrators to log on to TRITON Manager if RSA authentication is unavailable, mark Fall back to other authentication mechanisms....
Selecting this option means that any administrators configured on the TRITON Settings > Administrators page can log on using their local or network credentials as a fallback. If you do not select this option, RSA authentication is the only option for all administrators except the admin account created during installation.
2.
Click OK.
To set up TRITON Manager certificate authentication:
1.
Mark Authenticate administrators using client certificate authentication.
2.
To enable attribute matching, under Certificate Matching mark Use attribute matching as a fallback method and select whether it applies to all administrators, or only administrators without certificates in TRITON Manager.
To configure the attributes used for matching, click Configure Attribute Matching, then see Setting up attribute matching, page 32.
3.
To import certificates from your user directory for network administrators, click Import Administrator Certificates.
When certificates are successfully imported, a success message is displayed at the top of the page. If any of the certificates are not imported correctly, you can upload a certificate for each network administrator on the TRITON Settings > Administrators > Edit Network Account page.
4.
Click Add under Root Certificates to add a root certificate for signature verification. There must be at least one root certificate in TRITON Manager for two-factor authentication to operate.
5.
Browse to the location of the root certificate file, then click Upload Certificate.
6.
Whenever you add or change a root certificate, you must create a new master certificate file and copy that file to the Websense TRITON Web Server service. Click Create Master Certificate File to create the new file, then see Deploying the master certificate file, page 32 for further information.
7.
To enable password authentication as a fallback method, mark Allow password authentication to log on to TRITON Manager and select whether it applies to all administrators, or only administrators without certificates in TRITON Manager.
 
* 
Note 
The admin account created during installation can always log on from the TRITON Management Server machine using password-based authentication.
8.
Click OK.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring TRITON Settings > Configuring two-factor authentication
Copyright 2016 Forcepoint LLC. All rights reserved.