Installing the AuthAnvil Password Server Addin for Kaseya 2
Step 1: Contact Support to receive the Kaseya Addin files.
Step 2: Place the files on the Kaseya server and launch the Addin installer (AAPS_KaseyaAddin.exe)
Step 3: Click Next on the opening installer screen, then accept the license agreement and clickNext once more.
Step 4: For this step you will need the web.config file from your AuthAnvil Password Server (C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config). If it is not accessible directly from the Kaseya server, you will need to copy it over to this machine. Browse to the web.config file and you will be prompted to input the web service URL for your AuthAnvil Password Server. This must be configured to use http instead of https, and it must resolve properly. Copy/paste the URL into a local browser session on the Kaseya server to verify the URL.
Step 5: Locate the SyncAgent Setup ZIP file from your AuthAnvil Password Server. You can find it at C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\SyncAgent Setup\SyncAgent Setup Package.zip, or you can copy the ZIP file to a location accessible by the Kaseya server. Click “Next” to continue.
Step 6: Click Next to start the install.
Step 7: When the install is complete, you will be presented with the final screen. Click Finish to launch the Kaseya Schema update so that Kaseya can load the AuthAnvil Password Server Addin.
Step 8: Log into Kaseya. If you have AuthAnvil 2FA enabled at logon, you will see a screen that resembles this.
Step 9: Click on the Password Server tab on the left hand navigation bar. Without AuthAnvil Single Sign On configured, you will see a login prompt for the AuthAnvil Password Server. See the next section on how to configure this Addin to use SSO.
Caution: If you have AuthAnvil Password Server v1.6 you will likely end up seeing an error the first time you load the pages in the Password Server Addin. Follow the steps in this Knowledge Base article to resolve this issue.
Configuring the AuthAnvil Password Server Addin to use AuthAnvil Single Sign On
The AuthAnvil Password Server makes it easy to create, audit, update, secure and reset passwords all from one central portal. Now that you have the AAPS Addin installed, all of this capability is now available inside Kaseya. Securing all of that password data should be done using two-factor authentication rather than a single, static password. With AuthAnvil 2FA and our 2FA Addin, you can configure AuthAnvil SSO to automatically log you in to the AuthAnvil Password Server using a 2FA prompt on your front-end Kaseya login. The end result is a single login to Kaseya giving you access to the AuthAnvil Password Server.
To do this, you will need the following components:
- An existing AuthAnvil Two Factor Auth server, v4.6 or later (link to guide)
- AuthAnvil 2FA Addin for Kaseya, v3.0 or later (link to guide)
- AuthAnvil Single Sign On v3.0 or later (link to guide)
- SSO configured for AuthAnvil Password Server (link to guide)
(If you are not certain which versions you have installed, please contact Customer Service athttp://www.scorpionsoft.com/help)
This configuration assumes that you are able to log in to Kaseya using your normal Kaseya credentials and your AuthAnvil Passcode. You should also be able to log in to SSO using the same username as your Kaseya login, to have one-click access to the Password Server. If you are not at this point, please review the documentation links above.
Step 1: Log in to Kaseya and click on the Password Server tab on the left-hand side. ClickConfigure Web Service to display the SSO configuration screen.
Step 2: Check the box to “Enable SSO authentication”.
Step 3: Update the SSO service URL so it points to the ssologon.asmx page on your AuthAnvil Password Server (i.e. http://localhost/AAPS/ssologon.asmx). Copy and paste this URL into a browser to make sure it can be reached from the Kaseya server.
Step 4: The Audience URI will not need to be changed.
Step 5: Click “Save Settings” to confirm the values for a Single Sign On connection.
Step 6: All the components should now be properly configured to use your 2FA login to Kaseya so that you are automatically logged in to the Password Server. Make sure your user is not whitelisted from using 2FA credentials and log out of Kaseya. Log back in with your username, password, and 2FA Passcode.
Step 7: Verify that the Addin is configured correctly by expanding the Password Server tab and clicking on “Dashboard”. This should load up the front page of the AuthAnvil Password Server with your specific user account already logged in. If you still see a login prompt, see the “Troubleshooting” section at the end of this guide.
Note: By default, you will only be able to use the Remote Desktop Connection functionality of the AuthAnvil Password Server when you are connected to Kaseya using https. If you wish to allow http connections to have access to RDP through the AuthAnvil Password Server, open C:\Kaseya\WebPages\AAPS_Addin\web.config and modify the key “httpsOverride” so that the value is “1″.