Integrate Entrust IdentityGuard AD FS Adapter

Limitations

● Resource rules for Entrust Identity Enterprise applications only include the Date / Time condition restriction. The Medium Risk and High Risk authentication steps are system-defined; they cannot be modified. The changes that can be made to the Low Risk authentication steps are limited.

● When configuring a resource rule for the Entrust Identity Desktop application, the user ID has to match the user ID in the domain controller.

Create a resource rule to protect access to an Entrust legacy application

1. Log in to your Identity as a Service administrator account.

2. Click > Security > Resource Rules. The Resource Rules List page appears.

3. Click + next to the application you want to protect with a resource rule. The Add Resource Rules page appears.

4. Enter a Rule Name and Rule Description for the resource rule.

5. In the Groups list, select the group or groups of users restricted by the resource rule.

These are the groups to which the resource rule applies. If you do not select any groups, by default the resource rule applies to all groups.

6. Click Next. The Authentication Conditions Settings page appears.

7. If you do not Enable Advanced Risk Factors, do the following:

a. Select the Authentication Flow from the drop-down list. The Authentication Flow flowchart updates based on the selection.

b. Click Submit to save the Resource Rule.

8. If you want to Enable Advanced Risk Factors, complete the remaining steps in this procedure.

9. Select Enable Advanced Risk Factors to add additional risk factors to the resource rule.

10. Select Enable Strict Access for Application to set the resource rule to deny access regardless of the outcome from other resource rules. If this option is disabled for any resource rule that denies access, the user is allowed access if at least one resource rule allows access.

11. For Advanced Risk Factors, click the Deny option to deny access to the application if the risk factor fails regardless of the results of the other risk factors.

12. Click Date/Time to set the conditions as follows:

a. Select one of the following:

– Allow Date/Time to set when a user can access the application.

– Deny Date/Time to set when the user cannot access the application.

The Date/Time Context Condition Settings appear.

b. Select the Condition Type:

– Specific Date Range Condition—Allows or denies access to the application during a select period of days.

– Time-of-day and/or Day of Week Recurring Conditions—Allows or denies access to the application on a specific time of day, day of the week, or both. Recurring times selected only apply to days not denied.

– Clear Selection—Clears existing Date and Time conditions.

c. Set the Condition Type settings, as follows:

i) Select Use local time zone to use the local time zone or deselect Use local time zone to use the local time zone and begin typing the time zone in the Begin Typing Timezone name field and select the time zone from the drop-down list.

ii) If you selected Specific Date Range Condition, click Start Date to select a start date from the pop-up calendar. Optionally, select the End Date.

iii) If you selected Time-of-Day and/or Day-of-Week, click Start Time and select the start time from the pop-up clock. Optionally set the End Time. You must also select the days of the week for the condition.

d. Click Save to return to the Authentication Conditions Settings page.

13. Set the risk score for application conditions to set the risk percentage a user receives if they fail to meet the condition, as follows:

● Click the dot next to the condition setting and slide the risk scale to the risk percentage

-or-

● Click the 0% and enter the risk points and then click OK.

The default setting is 0%. The Risk percentage determines the authentication requirements as set by the Authentication Decision. When a user attempts to authenticate to an application, the final risk percentage is the sum of all failed conditions.

14. Set the Authentication Decision risk level for Medium Risk and High Risk as follows:

a. Click the risk threshold percentage to the right of Medium Risk or High Risk. The Risk Threshold dialog box appears.

b. Enter the risk percentage.

c. Click OK.

15. Select the Authentication Flows for Low Risk, Medium Risk, and High Risk from the drop-down lists. The Authentication Flows flowchart updates based on your selections.

16. Click Submit to create the resource rule.

Add AD FS Adapter to Identity as a Service

1. Click > Security > Applications. The Applications Lists page appears.

2. Click Add. The Add Applications page appears.

3. Under IdentityGuard Integrations, select ADFS Adapter. The Add ADFS Adapter page appears.

4. Optional: Modify the Application Name or Application Description

5.

6. Optional. Add a custom application logo.

a. Click next to Application Logo. The Upload Logo dialog box appears.

b. Click to select an image file to upload.

c. Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.

d. If required, resize your image.

e. Click OK.

7. Click Next. The Setup page appears.

8. Enter the application Hosts name or IP list (separated by a comma).

9. Leave the Port setting at the default.

10. From the Select IdentityGuard agent drop-down list, select the gateway instance containing the Entrust IdentityGuard agent.

11. Click Submit and Done.