WALLIX Access Manager

Trustelem Radius on Access Manager for AD users

Install Trustelem Connect

Start by installing Trustelem Connect, which gives Trustelem the ability to process Radius authentications.
The documentation is available here:
https://trustelem-doc.wallix.com/books/trustelem-administration/page/ldap-radius-trustelem-connect
You don't need to read the chapter "Setup an application to use Trustelem Connect": the specific instructions for an Access Manager application are detailed in this chapter.
Common mistakes are also detailed here, but if the authentication is not working, start by reading the Debug chapter of the LDAP-Radius - Trustelem Connect documentation.

On Trustelem admin page

On Access Manager admin page

You can't test the authentication yet: first you need to define the access rules on Trustelem.
The documentation is provided on this page: https://trustelem-doc.wallix.com/books/trustelem-administration/page/access-rules
For this kind of authentication, you need a Radius access rule set to 2nd factor only.

Note: for user authentication, first provide the AD login and password, then provide the Trustelem TOTP code, even though the input field is again named Password.

Trustelem Radius on Access Manager for AM users

Install Trustelem Connect

Start by installing Trustelem Connect, which gives Trustelem the ability to process Radius authentications.
The documentation is available here:
https://trustelem-doc.wallix.com/books/trustelem-administration/page/ldap-radius-trustelem-connect
You don't need to read the chapter "Setup an application to use Trustelem Connect": the specific instructions for an Access Manager application are detailed in this chapter.
Common mistakes are also detailed here, but if the authentication is not working, start by reading the Debug chapter of the LDAP-Radius - Trustelem Connect documentation.

On Trustelem admin page

On Access Manager admin page

You can't test the authentication yet: first you need to define the access rules on Trustelem.
The documentation is provided on this page: https://trustelem-doc.wallix.com/books/trustelem-administration/page/access-rules
For this kind of authentication, you need a:

Trustelem SAML on Access Manager for AD users

On Trustelem admin page

// Define a default profile attribute which matches the name of the Access Manager profile
msg.setAttr("profile", "User");
// Change the default profile depending on the email address
if (user.email == "rose.keler@trustelem.demo") { msg.setAttr("profile", "Auditor"); }
// Change the default profile depending on Trustelem groups
for (let group in groups) {
  if (group == "Trustelem admin group name") { msg.setAttr("profile", "Administrator"); }
}

On Access Manager admin page

You can't test the authentication yet: first you need to define the access rules on Trustelem.
The documentation is provided on this page: https://trustelem-doc.wallix.com/books/trustelem-administration/page/access-rules
For this kind of authentication, you need internal and external set to 2 factors.

Trustelem SAML on Access Manager for Trustelem users

On Trustelem admin page

// Define a default profile attribute which matches the name of the Access Manager profile
msg.setAttr("profile", "User");
// Change the default profile depending on the email address
if (user.email == "rose.keler@trustelem.demo") { msg.setAttr("profile", "Auditor"); }
// Change the default profile depending on Trustelem groups
for (let group in groups) {
  if (group == "Trustelem admin group name") { msg.setAttr("profile", "Administrator"); }
}
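
An offline check of the profile-mapping script used in both SAML sections, added here as an example (it is not WALLIX code). The names `mapProfile`, `makeMsg` and `resolveProfile`, the mock shapes of `msg`, `user` and `groups`, and last-write-wins for `setAttr` are assumptions; the cases show which profile each constructed user receives, including what `for...in` does if `groups` is an array rather than an object keyed by group name.

```javascript
// Added example: offline harness for the profile-mapping script on this page.
// The msg/user/groups mocks are assumptions about shapes, not Trustelem's API.
// The page's script wrapped in a function (hypothetical name) so it can be run.
function mapProfile(msg, user, groups) {
  msg.setAttr("profile", "User");
  if (user.email == "rose.keler@trustelem.demo") { msg.setAttr("profile", "Auditor"); }
  for (let group in groups) {
    if (group == "Trustelem admin group name") { msg.setAttr("profile", "Administrator"); }
  }
}

// Mock message: records every write; assumes the last write to an attribute wins.
function makeMsg() {
  const writes = [];
  return {
    writes,
    setAttr(name, value) { writes.push([name, value]); },
    last(name) {
      const hits = writes.filter(([n]) => n === name);
      return hits.length ? hits[hits.length - 1][1] : undefined;
    },
  };
}

// Run the script for one constructed user; return the profile that would be sent.
function resolveProfile(email, groups) {
  const msg = makeMsg();
  mapProfile(msg, { email }, groups);
  return msg.last("profile");
}

const ADMIN = "Trustelem admin group name";
// Constructed test cases: [label, email, groups]
const cases = [
  ["no match", "someone@trustelem.demo", {}],
  ["email match", "rose.keler@trustelem.demo", {}],
  ["group as object key", "someone@trustelem.demo", { [ADMIN]: {} }],
  ["email and group", "rose.keler@trustelem.demo", { [ADMIN]: {} }],
  // for...in over an array yields indices ("0"), so the name never matches
  ["group as array element", "someone@trustelem.demo", [ADMIN]],
];

function runCases() {
  return cases.map(([label, email, groups]) => [label, resolveProfile(email, groups)]);
}

for (const [label, profile] of runCases()) {
  console.log(label.padEnd(24), "->", profile);
}
```

Because the group rule runs last, it overrides the email rule; a user the script does not match stays on the default `User` profile.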

On Access Manager admin page

You can't test the authentication yet: first you need to define the access rules on Trustelem.
The documentation is provided on this page: https://trustelem-doc.wallix.com/books/trustelem-administration/page/access-rules
For this kind of authentication, you need internal and external set to 2 factors.

Debug

If the Radius authentication is not working:

If the SAML authentication is not working:

If after that you still don't have a working SAML authentication, you can try 2 things:


Revision #22
Created 1 July 2022 08:37:52 by WALLIX Admin
Updated 24 November 2023 14:49:27 by WALLIX Admin