Setup instructions
Define the perimeter
MFA Bastion
Currently the Bastion does not yet support SAML authentication.
The only question to ask for MFA is therefore the identity source of the users.
If there are users who are not in the Active Directory, it is best to go through local Trustelem users rather than local Bastion users.
This way you only have one source of identity to maintain alongside the AD.
Furthermore, Trustelem has powerful tools to manage these local users.
Population: Active Directory users?
- MFA = login/pwd using AD + 2nd factor using Trustelem Radius
- Import AD users - read the page: Active Directory users - Trustelem ADConnect
- Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
- Set up the Radius on the Bastion for AD users - read the page: WALLIX Bastion
- Define the access rules - read the page: Access rules
Population: Trustelem users?
- MFA = login/pwd using Trustelem LDAP + 2nd factor using Trustelem Radius
- Create Trustelem users - read the page: Trustelem local users
- Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
- Set up Trustelem LDAP on the Bastion - read the page: WALLIX Bastion
- Set up the Radius on the Bastion for Trustelem users - read the page: WALLIX Bastion
- Define the access rules - read the page: Access rules
Population: local Bastion users?
- MFA = login/pwd/2nd factor using Trustelem Radius
- Create Trustelem users - read the page: Trustelem local users
- Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
- Set up the Radius on the Bastion for Bastion users - read the page: WALLIX Bastion
- Define the access rules - read the page: Access rules
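Every Radius step above relies on the Bastion sending a RADIUS Access-Request to Trustelem with a shared secret. As an added example (not Trustelem or WALLIX code), the following Python builds and checks a minimal RFC 2865 Access-Request: it shows how the shared secret hides the User-Password attribute (PAP), and how the Message-Authenticator attribute (RFC 2869) lets either side detect a request that was tampered with or signed with the wrong secret. The shared secret, NAS identifier and credentials are constructed placeholders; how Trustelem expects the second factor to be carried inside the password field is not covered on this page and is not assumed here.

```python
"""Minimal RADIUS Access-Request builder/checker (RFC 2865 / RFC 2869).
Added example for understanding the Bastion <-> Trustelem Radius link;
not vendor code. All secrets and identifiers below are constructed."""
import hashlib
import hmac
import os
import struct
from typing import Iterator, Optional, Tuple

ACCESS_REQUEST = 1
# Attribute type codes (RFC 2865 section 5, RFC 2869 section 5.14)
USER_NAME = 1
USER_PASSWORD = 2
NAS_IDENTIFIER = 32
MESSAGE_AUTHENTICATOR = 80


def _pad16(data: bytes) -> bytes:
    """NUL-pad to a multiple of 16 bytes (at least one block), per RFC 2865 5.2."""
    pad = (-len(data)) % 16 if data else 16
    return data + b"\x00" * pad


def pap_encrypt(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a PAP password: each 16-byte chunk is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 bytes")
    padded, out, prev = _pad16(password), b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def pap_decrypt(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse of pap_encrypt (what the RADIUS server does); strips NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; length covers the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident: int, username: str, password: str, secret: bytes,
                         authenticator: Optional[bytes] = None,
                         nas_id: bytes = b"bastion-placeholder") -> bytes:
    """Build an Access-Request as a NAS (here, the Bastion) would send it."""
    auth = authenticator or os.urandom(16)  # 16 random bytes, unique per request
    attrs = (_attr(USER_NAME, username.encode())
             + _attr(USER_PASSWORD, pap_encrypt(password.encode(), secret, auth))
             + _attr(NAS_IDENTIFIER, nas_id))
    # Message-Authenticator = HMAC-MD5(secret, whole packet with this attribute zeroed)
    zeroed = attrs + _attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(zeroed)) + auth
    mac = hmac.new(secret, header + zeroed, hashlib.md5).digest()
    return header + attrs + _attr(MESSAGE_AUTHENTICATOR, mac)


def _iter_attrs(packet: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk the attribute list, rejecting truncated or inconsistent lengths."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length != len(packet):
        raise ValueError("bad packet length")
    pos = 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def recover_user_password(packet: bytes, secret: bytes) -> bytes:
    """Server-side view: decrypt User-Password with the Request Authenticator."""
    attrs = dict(_iter_attrs(packet))
    return pap_decrypt(attrs[USER_PASSWORD], secret, packet[4:20])


def verify_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """True only if the packet is intact and was built with the same shared secret."""
    received, zeroed = None, packet[:20]
    for attr_type, value in _iter_attrs(packet):
        if attr_type == MESSAGE_AUTHENTICATOR:
            received, value = value, b"\x00" * 16
        zeroed += _attr(attr_type, value)
    if received is None or len(received) != 16:
        return False  # reject requests that omit the attribute
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    secret = b"example-shared-secret"  # constructed placeholder
    pkt = build_access_request(7, "alice", "correct horse battery staple", secret)
    print(pkt.hex())
    print(recover_user_password(pkt, secret), verify_message_authenticator(pkt, secret))
```

The User-Password hiding is MD5-based and is only as strong as the shared secret, so the Radius link between the Bastion and Trustelem belongs on a trusted network segment with a long random secret, and the server side should require the Message-Authenticator attribute rather than treat it as optional.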
MFA Access Manager
For the Access Manager, the question of identity sources must also be asked and, as for the Bastion, local Trustelem users are preferred over local Access Manager users.
For Active Directory users, the access method (account mapping, or vault transformation rule) must also be examined in order to decide whether a SAML or a Radius configuration is the better choice.
Population: Active Directory users?
- Are you mainly using account mapping (same login for primary and secondary authentication)?
  - YES:
    - MFA = login/pwd using AD + 2nd factor using Trustelem Radius
    - Import AD users - read the page: Active Directory users - Trustelem ADConnect
    - Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
    - Set up Trustelem Radius on the Access Manager for AD users - read the page: WALLIX Access Manager
    - Define the access rules - read the page: Access rules
  - NO:
    - MFA = login/pwd/2nd factor using Trustelem SAML
    - Import AD users - read the page: Active Directory users - Trustelem ADConnect
    - Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
    - Set up Trustelem SAML on the Access Manager for AD users - read the page: WALLIX Access Manager
    - Define the access rules - read the page: Access rules
Population: local Trustelem users?
- MFA = login/pwd/2nd factor using Trustelem SAML
- Create Trustelem users - read the page: Trustelem local users
- Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
- Set up Trustelem LDAP on the Bastion - read the page: WALLIX Bastion
- Set up Trustelem SAML on the Access Manager for Trustelem users - read the page: WALLIX Access Manager
- Define the access rules - read the page: Access rules
Population: local Access Manager users?
- Do you want to keep their password or use the Trustelem password instead?
  - Keep their password:
    - MFA = login/pwd using AM + 2nd factor using Trustelem Radius
    - Create Trustelem users - read the page: Trustelem local users
    - Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
    - Set up Trustelem Radius on the Access Manager for AM users - read the page: WALLIX Access Manager
    - Define the access rules - read the page: Access rules
  - Use the Trustelem password:
    - MFA = login/pwd/2nd factor using Trustelem SAML
    - Create Trustelem users - read the page: Trustelem local users
    - Define the 2nd factors and the enrollment process - read the page: Multi factors authentication
    - Set up Trustelem Radius on the Access Manager for AM users - read the page: WALLIX Access Manager
    - Define the access rules - read the page: Access rules
Define the other needs
- Delegate the management of Trustelem local users - read the page: Delegated Administration
- Reset users' passwords with Trustelem - read the page: Self Service Password Reset
- Use AzureAD users instead of AD users - read the chapter: AzureAD users