Create Ecosystem and Import Users

Goal

The first goal to achieve is to import users into Acreto so that they can start working inside the ecosystem. We need to create the Ecosystem, connect the Identity Provider, and onboard users with their devices; all steps are described below.

Prerequisite

To complete this procedure you should:

  1. Have an active Acreto account (How to register)
  2. Know which Identity Provider (IDP) your company uses; the checklist below may help you collect the required information.
  3. Have at least one test device (computer or phone) and access to an account that exists in the IDP.

Checklist 1: Identity Provider (IDP)

  1. Select the user authentication server and write down the following information
  2. Decide on the user authentication server / identity provider to use: Okta, Azure Active Directory, Windows Server AD, LDAP
  3. Domain name (yourcompany.com): __________________
  4. Address of authentication server (IP or FQDN): __________________
  5. Write down the User Base DN and Group Base DN (e.g. ou=users, dc=dev-209171, dc=okta, dc=com): __________________
  6. Username / password used to authenticate against the Identity Provider: __________________ / __________________
  7. Decide on the list of the initial 10 users to invite to participate in the Acreto VPN solution if you would like to take a phased approach
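The checklist values above feed the IDP integration in the next section, and a typo in a base DN or a server address is the usual reason that integration fails on the first attempt. The script below is an added example, not part of the original page or of Acreto's own tooling; it is a preflight check that parses the DNs, verifies that the server address is an IP or FQDN, and confirms that the dc= components of each base DN match the domain name written on the checklist. The IdpChecklist structure, the validate_checklist function and the sample values (built around the page's own example DN) are all constructed for this example.

```python
"""Preflight validation for the IDP checklist values (constructed example)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Hostname labels per RFC 1123: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")


def is_fqdn(name: str) -> bool:
    """True if name is a syntactically valid multi-label hostname."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL_RE.match(label) for label in labels)


def is_ip_or_fqdn(addr: str) -> bool:
    """Checklist item 4 accepts either an IP address or an FQDN."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return is_fqdn(addr)


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN such as 'ou=users, dc=example, dc=com' into (attr, value) pairs.
    Handles the backslash-escaped comma of RFC 4514 and raises ValueError on a
    malformed RDN so a typo is caught before the integration is attempted."""
    rdns: list[tuple[str, str]] = []
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if "=" not in part:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        attr, value = part.split("=", 1)
        attr, value = attr.strip().lower(), value.strip().replace("\\,", ",")
        if not attr or not value:
            raise ValueError(f"empty attribute or value in RDN {part!r}")
        rdns.append((attr, value))
    return rdns


def domain_from_dn(rdns) -> str:
    """Join the dc= components of a parsed DN into a dotted domain name."""
    return ".".join(v for a, v in rdns if a == "dc")


@dataclass
class IdpChecklist:  # hypothetical structure mirroring checklist items 2 to 7
    provider: str
    domain: str
    server: str
    user_base_dn: str
    group_base_dn: str
    bind_user: str
    pilot_users: list[str] = field(default_factory=list)


def validate_checklist(c: IdpChecklist) -> list[str]:
    """Return a list of problems; an empty list means the checklist is complete."""
    problems = []
    if c.provider not in {"Okta", "Azure Active Directory", "Windows Server AD", "LDAP"}:
        problems.append(f"unsupported provider {c.provider!r}")
    if not is_fqdn(c.domain):
        problems.append(f"domain {c.domain!r} is not a valid FQDN")
    if not is_ip_or_fqdn(c.server):
        problems.append(f"server {c.server!r} is neither an IP address nor an FQDN")
    for label, dn in (("user base DN", c.user_base_dn), ("group base DN", c.group_base_dn)):
        try:
            rdns = parse_dn(dn)
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        dc_domain = domain_from_dn(rdns)
        if not dc_domain:
            problems.append(f"{label} {dn!r} has no dc= components")
        elif dc_domain.lower() != c.domain.lower():
            problems.append(f"{label} points at {dc_domain!r}, checklist domain is {c.domain!r}")
    if not c.bind_user.strip():
        problems.append("bind username is empty")
    if len(c.pilot_users) > 10:
        problems.append(f"{len(c.pilot_users)} pilot users listed, phased rollout expects at most 10")
    for user in c.pilot_users:
        m = _EMAIL_RE.match(user)
        if not m or m.group(1).lower() != c.domain.lower():
            problems.append(f"pilot user {user!r} is not an address in {c.domain}")
    return problems


# Constructed sample: domain and server derived from the page's example DN.
SAMPLE = IdpChecklist(
    provider="LDAP",
    domain="dev-209171.okta.com",
    server="ldap.dev-209171.okta.com",
    user_base_dn="ou=users, dc=dev-209171, dc=okta, dc=com",
    group_base_dn="ou=groups, dc=dev-209171, dc=okta, dc=com",
    bind_user="uid=svc-acreto, ou=users, dc=dev-209171, dc=okta, dc=com",
    pilot_users=["alice@dev-209171.okta.com", "bob@dev-209171.okta.com"],
)

if __name__ == "__main__":
    for line in validate_checklist(SAMPLE) or ["checklist OK"]:
        print(line)
```

The bind password is deliberately not a field of the checklist structure: record it in your password manager rather than on the printed checklist, and hand it to the integration form only when you configure the connection.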

Configuration

In the context of our use case, we will use Microsoft Azure Active Directory with 10 users and a sample Ecosystem.

To import and onboard Users:

  1. Log in to Acreto Wedge.
  2. Create a new Ecosystem named “remote users” or use an existing one.
  3. Integrate with your Identity Provider service (Okta, on-premises Windows Active Directory, Azure A/D)
    1. Connect the identity provider with Acreto (configure here)
    2. Enable optional two-factor authentication on the 3rd-party Identity Provider. Your identity provider may require an additional license for this feature.
  4. Invite users in A/D to connect to Acreto SASE+
    1. Select users from the Active Directory to receive onboarding emails, or manually send the onboarding URL to end users (see how: How to Invite a User with Onboarding Portal)
      1. Users visit the onboarding portal found in the bottom section of the identity provider page.
      2. They will be instructed to download the free OpenVPN client for mobile devices and laptops
      3. They will be instructed to download a unique Profile on their laptop/mobile device
      4. After the last step they can simply connect
    2. Acreto authenticates users against MSFT Azure A/D with MSFT Authenticator MFA and assigns all users to the “remote-user” role
  5. Add a security Policy
    1. Add your first policy to turn on full Threat Detection (A/V, IPS, APT, Firewall) on all traffic for the “remote-user” role (see how: Create Security Policy)
    2. Confirm connectivity to the Internet and validate threat blocking by visiting http://Wicar.org and confirming that all test malware is blocked. You can also confirm that adult websites are blocked.