Open Parallels Remote Application Server Management Console and open the Connection category. Select the Second Level Authentication tab and choose Deepnet as a provider.
Click on the Settings button to configure the DualShield server settings.
Select DualShield as the Type, enter the server name and port of the DualShield server previously installed.
Click on Check Connection to test that the authentication server can be reached and to verify that the Console is registered as a DualShield agent.
If you get the following message, you have either setup the wrong server information, or you need to allow auto registration of the components as a DualShield agent.
Go back to the DualShield Management Console and select Agents from the Authentication menu.
Select Auto Registration.
Check Enabled and set the date range.
Once the Agent Auto Registration is set, go back to the Management Console and select Yes. The following message should show up.
Please note that all Publishing Agents must be registered with Deepnet DualShield server.
If you are using some Backup Publishing Agents you need to close all windows opened until you can press Apply in the Remote Application Server main Management Console window. This will inform all the agents to self-register themselves as DualShield agents.
After setting up the connection settings, go to the Application tab and browse for the application name previously created from the DualShield Management Console.
Select how you want your users to be authenticated.
Mandatory for all users means that every user using the system must log in using two-factor authentication.
Create token for Domain Authenticated Users will allow Remote Application Server to automatically create software tokens for Domain Authenticated Users. Choose a token type from the drop down list. Note that this option only works with software tokens, such as QuickID and MobileID.
- Use only for users with a DualShield account will allow users who do not have a DualShield account to use the system without have to login using two-factor authentication.
User / Group exclude list allows you to add users or groups within your active directory that will be excluded from using DualShield Authentication.
Client IP exclude list allows you to add IP addresses or a range of IP addresses that will be excluded from using DualShield Authentication.
Client MAC exclude list allows you to add a MAC addresses that will be excluded from using DualShield Authentication.
Connection to the following Gateway IPs allows you to set a gateway where users connected to the gateway will be excluded from using DualShield Authentication.