
Setup instructions

Define the perimeter

MFA Bastion

The Bastion does not yet support SAML authentication.
For MFA, the only question to settle is therefore the source of the users.
If some users are not in Active Directory, it is best to use local Trustelem users rather than local Bastion users.
This way there is only one identity source to maintain alongside the AD.
Furthermore, Trustelem has powerful tools to manage these local users.

Population: Active Directory users?

Population: Trustelem users?

Population: local Bastion users?

MFA Access Manager

For the Access Manager, the question of identity sources must also be asked and, as for the Bastion, local Trustelem users should be favored over local Access Manager users.
For Active Directory users, the access method (account mapping or vault transformation rule) must also be studied to determine whether a SAML or RADIUS configuration is the better choice.

Population: Active Directory users?

Population: local Trustelem users?

Population: local Access Manager users?

  • Do you want to keep their password or use a Trustelem password instead?

Define the other needs