Adding Passly 2FA to Virtual System Administrator (VSA) - 9.1 or Later

When you access the Passly Module for the first time in VSA - newer you will notice a configuration wizard. This configuration wizard will allow you to configure the Passly integration built into VSA.

Note: This integration requires a working Passly tenant. If you are not a current Passly subscriber, please contact your Account Manager.

 

  1. Log into Virtual System Administrator.
    2fa6.PNG
  2.  Select the AuthAnvil Module > Configure AuthAnvil Settings
    2fa.PNG
  3. Select - I would like to configure Two Factor Auth Only.2favrpws.png
  4. Select Begin.
    Next Enter the SAS URL for your Passly Server.2fa2.PNG
    Note: Your SAS URL will be https://(Your company).my.passly.com/AuthAnvil/SAS.asmx
    : Site ID is always 1
  5. Define a Whitelisted User that will not require Two Factor Authentication.2favrpws2.png
  6. Select Verify Settings.
    2favrpws3.png
  7. Once you see the settings are valid select Next.
  8. Now that you have the logon protection configured you can select Finish to apply the settings.2fa5.PNG

You should now see the same login prompt when a user is required to use 2FA logs in.


2fa6.PNG

Note: You will not see the 2FA prompt until after you enter your password and select Log On.

Note: This requires a login from a user not in the White list.


logonprompt.PNG
Note For R9.1 - older: Users will need to enter a four-digit pin here as well as the One Time Password.
For the Pin, your users will use Pin: 1111
The actual Pin requirement was a holdover from the old On-Prem configuration. On-Demand does not use the Pin, however, it respects the value being submitted.
Note: If you are using R9.4 - newer only the OTP is required.
Note: As of R9.5 if you enter your Passly password in the OTP prompt it will send a PUSH notice to your mobile Authenticator to approve.

 

Configuration

Once logged in you can manage your user & IP white lists via AuthAnvil Module >Two Factor Auth > Configure Kaseya Logon

2fa7.PNG

In the AuthAnvil Module, you can choose to enable the Two Factor login requirement.

Whitelisted users should be entered in the following format. Comma-separated with no spaces

fred,john,james to domain.com/fred,domain.com/john,domain.com/james

 

IP's can be entered as comma-separated with no spaces. IPs will need to be entered using CIDR format.

Example192.168.1.1/32,10.10.1.1/32

 

Select Save Settings before logging out.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us