Wallix Authenticator

Presentation

Based on WALLIX Trustelem

SAML - OpenID Connect


LDAP - Radius


WALLIX Authenticator

Architecture


Prerequisites


Setup
Available factors
Benefits

Setup instructions

Define the perimeter

MFA Bastion

The Bastion does not yet support SAML authentication.
The only question to settle for MFA is therefore where the users come from.
If there are users who are not in the Active Directory, it's best to go through local Trustelem users, and not local Bastion users.
This way you only have one source of identity to maintain alongside the AD.
Furthermore, Trustelem has powerful tools to manage these local users.
MFA for local Bastion users is still possible if you need it.

Population Active Directory users?

Population Trustelem users?

Population local Bastion users?

SAML Bastion

MFA Access Manager

For the Access Manager, the same question of identity sources applies and, as with the Bastion, local Trustelem users should be favored over local Access Manager users.
For Active Directory users, you also need to look at the access method (account mapping or vault transformation rule) to decide whether a SAML or a Radius configuration is the better fit.

Population Active Directory users?

Population local Trustelem users?

Population local Access Manager users?

Define the other needs