An agent can authenticate from anywhere in the world provided the following three conditions are met:
- The Authentication Server address must use a public URL. Map your DNS so that the external address will look up the local address in IIS.
- The TokenValidator virtual directory in IIS has to be exposed securely. Enable the SSL requirement in IIS Directory Security. This will only allow communication on port 443
Note: Enabling this setting will cause the Token Test feature of Anvil Manager in v1.6 to always fail as it doesn't support port redirection and only checks if the Token Validator is on port 80.
- The client running the agent must trust the certificate prior to use. Ideally, a third party public SSL certificate will be trusted with no user intervention, which will allow the agent to connect to the Anvil server.