Oplon Multi Factor Authentication Setup

Prerequisites

You have downloaded, installed and configured the Oplon Secure Access Virtual Appliance as indicated in this guide.
Make sure that the appliance has outgoing port 2443 open, it will need to communicate with super.oplon.cloud for MFA to work correctly.

Import Certificate .P12 super.oplon.cloud

Once you have purchased the Multi Factor Authentication service from Oplon, you will be given a .P12 certificate, which will be the certificate with which the appliance will interface with super.oplon.cloud for verifying the trustworthiness of the connection to allow the authorizations of the Multifactor Authentication Users.

At this point we can import the Keystore into Our Virtual Appliance.

Figure 2: Certificate Import

we select the file from the local path where we placed it and decide to Insert it on Our Platform

Figure 3: Certificate Import

A video of the operation of inserting the Keystore into our Platform A10_LBLGoPlatform

Figure 4: Video Keystore Insertion.

Copying and Configuring MFA/2FA Rewrite Rules

Rewrite Header Rules Research We flag the Templates view and search in search for the string 2fa

Figure 5: research rewrite headers

Rewrite Header Rules Copy we copy Templates in our A10_LBLGoPlatformPlatform

Figure 6: Rewrite Headers Copy

A video of the operation of copying the Rewrite Header Rules secure Templates into our Platform A10_LBLGoPlatform.

Figure 7: VIDEO Research and Copy rewrite headers.

Now we can proceed with the configuration of the Rewrite Rules that will protect the Oplon Secure Access resources.

Configuration Rewrite Header `2faActivation` and `ACTIVATION_CODE`

We go to the Rewrite Management>Rewrite Header Rules menu and look for the Rewrite Header rule 2faActivation

Once Entered in Parameter Writing Look for the Variables named ACTIVATION_CODE and in Value we give an “ACTIVATIONCODE” at will.

Figure 8: insertion ACTIVATION_CODE

A video of the operation of insertion of ACTIVATION_CODE in the Rewrite Header Rule 2faActivation

Figure 9: VIDEO Insertion ACTIVATION_CODE.

Configuration Rewrite Header Rule `2faGeneric`

We go in the Rewrite Management>Rewrite Header Rules menu and look for the Rewrite header Rule 2faGeneric

Once we got into Writing of Parameters we look for the Variables section and insert the appropriate values to the CLIENT_KEYSTORE_NAME —> (in our example “THECertificate.p12”) and CLIENT_KEYSTORE_PASSWORD items —> (the password received with it)

Figure 10: insertion Certificate Data

A video of the operation of Parameters insertion in the Rewrite Header 2faGeneric Rule

Figure 11: Insertion VIDEO Certificate Data.

Application of MFA Rules

At this point it is a matter of deciding where to apply them, remembering that rewrites can be applied to Level of

ADCs
Groupings
Domains
Endpoints

For this demonstration, we decided to apply them at the level of Domains, remembering however that the way of activation remains nearly the same for other entity types.

Ex. How to secure a Domain

At this point we can protect any of the resources exposed by OPLON SECURE ACCESS with a system of Multiple Factor Authentication

at this point we proceed to the implementation on a domain of MFA protection rules we decide to protect the domain a_domain.oplon.net

Research of the Domain

ADC Settings / Domains and we look for the domain a_domain.oplon.net and get into edit

Figure 12: Domain research

Insertion Rewrite header rules

inside the customization of the domain we look for the Rewrite header rules section and insert the two rewrites that we did a little while ago 2faGeneric and 2faActivation. Also remember to set 2fa Activation to the LAST value in the Operation column

Figure 13: Domain research

Insertion Video Rewrite Rules MFA on Resource (e.g. Domain)

A video of the domain search operation and on inserting the 2faGeneric and 2faActivation rewrite header Rules

Figure 14: VIDEO Insertion on Resource, for example “Domain”