Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting Started > Accessing the Content Gateway manager > Configuring Content Gateway for two-factor authentication
Configuring Content Gateway for two-factor authentication
Help | Content Gateway | Version 8.1.x
Two-factor (certificate) authentication (not available with AP-DATA Web Content Gateway):
*
Is configured for and applies to the TRITON Manager logon only.
*
Requires administrators to provide 2 forms of identification to log on.
*
Can be made to apply to the Content Gateway manager by forcing administrators to log on to the TRITON Manager before accessing the Content Gateway manager.
*
Requires single sign-on to be configured for administrators allowed access to the Content Gateway manager.
*
Requires that the password logon capability be disabled on Content Gateway (see below), preventing administrators not configured for single sign-on from accessing the Content Gateway manager. If Content Gateway is deployed on an appliance, password access is disabled using an appliance manager command. See the V-Series or X-Series CLI Help.
For more information about configuring two-factor authentication, see "Configuring Certificate Authentication" in TRITON Manager Help.
Disabling and enabling Content Gateway password logon
The Content Gateway manager password logon can be disabled to allow two-factor authentication only, or single sign-on access from the TRITON console.
 
* 
Important 
If Content Gateway is installed on a Websense appliance, see Appliance Manager Help for details.
To disable password logon:
1.
Make sure members of the Super Administrators group in the Web module of the TRITON Manager have Content Gateway Direct Access (single sign-on) permissions.
2.
If two-factor authentication will be used, set up two-factor authentication in the TRITON Manager.
3.
Log on to the Content Gateway host system and acquire root privileges.
4.
Change directory to "/etc" and check to see if there is a "websense" subdirectory. If not, create one ("mkdir websense").
5.
Change directory to "websense" (path is now "/etc/websense") and check to see if the file "password-logon.conf" exists.
6.
If not, create it ("touch password-logon.conf".
7.
Edit "password-logon.conf".
8.
Add the line, or modify the existing line to:
password-logon=disabled
9.
Write and exit the file.
The change takes effect immediately. There is no need to restart Content Gateway.
To re-enable password logon for all administrators:
1.
Log on to the Content Gateway host system and acquire root privileges.
2.
Change directory to "/etc/websense".
3.
Edit "password-logon.conf" and change:
password-logon=disabled
to:
password-logon=enabled
4.
Write and exit the file.
The change takes effect immediately. There is no need to restart Content Gateway.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting Started > Accessing the Content Gateway manager > Configuring Content Gateway for two-factor authentication
Copyright 2016 Forcepoint LLC. All rights reserved.