
Which setup to use, depending on where the users come from?

Users from Active Directory - MFA Access Manager

  • Install Trustelem AD Connect on a VM to synchronize the users into Trustelem and let Trustelem authenticate them against Active Directory
  • Recommended setup on Access Manager: SAML

Users from Active Directory - MFA Bastion

  • Install Trustelem AD Connect on a VM to synchronize the users into Trustelem and let Trustelem authenticate them against Active Directory
  • Install Trustelem Connect on a VM so that the Bastion can authenticate against Trustelem over RADIUS
  • Setup on the Bastion: RADIUS

Users from Active Directory - MFA Bastion + Access Manager

  • Install Trustelem AD Connect on a VM to synchronize the users into Trustelem and let Trustelem authenticate them against Active Directory
  • Install Trustelem Connect on a VM so that the Bastion can authenticate against Trustelem over RADIUS
  • Setup on the Bastion: RADIUS
  • Recommended setup on Access Manager: SAML
    If access rights are managed mainly with "account mapping", it can be preferable to use RADIUS on the Access Manager as well, so that users do not have to enter their password twice

Local Users / Other directories - MFA Bastion

  • Install Trustelem Connect on a VM so that the Bastion can authenticate against Trustelem over RADIUS
  • Recommended setup on the Bastion for the provisioning and the 1st factor: Trustelem LDAP
    • if you do not want to use LDAP, you have to create the users locally on both the Bastion and Trustelem
    • if you use LDAP, you only have to create the users on Trustelem
    • the LDAP setup on the Bastion has to use mail as the Login and User name attribute
  • Setup on the Bastion for the 2nd factor: RADIUS

Local Users / Other directories - MFA Access Manager

  • Install Trustelem Connect on a VM so that the Bastion can authenticate against Trustelem over RADIUS
  • Recommended setup on the Bastion for the provisioning: Trustelem LDAP
    • if you do not want to use LDAP, you have to create the users locally on both the Bastion and Trustelem
    • if you use LDAP, you only have to create the users on Trustelem
    • the LDAP setup on the Bastion has to use mail as the Login and User name attribute
    • in the Trustelem access rules, you can require 2FA for the LDAP permission
  • Recommended setup on Access Manager: SAML

Local Users / Other directories - MFA Bastion + Access Manager

  • Install Trustelem Connect on a VM so that the Bastion can authenticate against Trustelem over RADIUS
  • Recommended setup on the Bastion for the provisioning and the 1st factor: Trustelem LDAP
    • if you do not want to use LDAP, you have to create the users locally on both the Bastion and Trustelem
    • if you use LDAP, you only have to create the users on Trustelem
    • the LDAP setup on the Bastion has to use mail as the Login and User name attribute
  • Setup on the Bastion for the 2nd factor: RADIUS
  • Recommended setup on Access Manager: SAML

Note

Users created on Trustelem have a Trustelem password. So if the Bastion already has many local users whose password you do not want to change, you can use the following setup instead:

  • Install Trustelem Connect on a VM so that the Bastion and the Access Manager can authenticate against Trustelem over RADIUS
  • Setup on the Bastion and the Access Manager for the 1st factor: local password
  • Setup on the Bastion and the Access Manager for the 2nd factor: RADIUS
    • the RADIUS setup on the Bastion and the Access Manager has to send the same identifier that is used on Trustelem (the email address), otherwise Trustelem cannot match the user
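The RADIUS second factor above is easy to get subtly wrong (wrong identifier, wrong shared secret, or a reply that is not actually authenticated). The following test client is an added example, not Trustelem or WALLIX code: it builds an RFC 2865 Access-Request whose User-Name is the Trustelem identifier (the email address), encrypts the User-Password attribute with the shared secret, and refuses any reply whose Response Authenticator does not verify, which is the check that makes a spoofed Access-Accept on UDP useless. Assumptions not on the page: the Trustelem Connect RADIUS endpoint listens on UDP 1812, the one-time code is carried in User-Password, and a single request/accept round trip is enough (Access-Challenge flows are not handled). The host, secret, email and code values are placeholders.

```python
"""RFC 2865 test client for a RADIUS second factor (added example, not vendor code)."""
import hashlib
import hmac
import os
import socket
import struct

# RADIUS packet codes and the attribute types used here (RFC 2865)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: type, length (2-byte header included), value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value longer than 253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encrypt_user_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16, XOR each block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password longer than 128 bytes")
    padded_len = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, padded_len, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def decrypt_user_password(secret: bytes, request_auth: bytes, cipher: bytes) -> bytes:
    """Inverse of encrypt_user_password (the server-side step); trailing NULs are padding."""
    out, prev = b"", request_auth
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(secret, identifier, username, password, nas_id, request_auth=None):
    """Return (packet, request_authenticator); username must be the Trustelem identifier (email)."""
    if request_auth is None:
        request_auth = os.urandom(16)  # fresh and unpredictable per request (RFC 2865 section 3)
    attrs = (_attr(ATTR_USER_NAME, username.encode())
             + _attr(ATTR_USER_PASSWORD, encrypt_user_password(secret, request_auth, password.encode()))
             + _attr(ATTR_NAS_IDENTIFIER, nas_id.encode()))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def parse_attributes(payload: bytes):
    """Yield (type, value) pairs; malformed lengths raise instead of looping or over-reading."""
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = payload[pos], payload[pos + 1]
        if length < 2 or pos + length > len(payload):
            raise ValueError("bad attribute length")
        yield attr_type, payload[pos + 2:pos + length]
        pos += length


def build_response(secret, code, identifier, request_auth, attrs=b""):
    """Server-side reply construction, used here only to build sample replies offline."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(secret: bytes, request_auth: bytes, packet: bytes) -> bool:
    """Check the Response Authenticator; a reply that fails this proves nothing about the user."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def radius_second_factor(host, secret, email, otp, port=1812, nas_id="wallix-bastion", timeout=5.0):
    """Live check against a RADIUS endpoint; True on Access-Accept, False on Reject/Challenge."""
    identifier = os.urandom(1)[0]
    packet, request_auth = build_access_request(secret, identifier, email, otp, nas_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        reply, _ = sock.recvfrom(4096)
    if len(reply) < 2 or reply[1] != identifier:
        raise ValueError("reply identifier does not match the request")
    if not verify_response(secret, request_auth, reply):
        raise ValueError("bad Response Authenticator: wrong shared secret or forged reply")
    return reply[0] == ACCESS_ACCEPT
```

To exercise it against a real deployment, call `radius_second_factor("trustelem-connect.example.net", b"<shared secret>", "alice@example.com", "<one-time code>")` from the Bastion or Access Manager host. An Access-Reject for a user that exists on Trustelem usually means the User-Name sent does not match the Trustelem identifier (for example a samAccountName instead of the email); a `bad Response Authenticator` error means the shared secret differs between the two sides.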