How to activate Double-Factor Authentication (2FA)
Activating Double-Factor Authentication
You can integrate the Double-Factor Authentication for TSplus with SAASPASS, the Leader of Multi-Factor Authentication.
The SAASPASS-TSplus integration is a quick and straightforward process. Before you start, please make sure that your server is accessible from out of your network. If your server cannot be accessed by SAASPASS you will not be able to use Scan Barcode, Proximity Login and One-Time Password to log in. The SAASPASS-TSplus integration can be done by following these steps (these instructions may be different on some Windows Server versions).
Make sure you meet the pre-requisites before continuing the integration:
- Installed the latest version of TSplus.
- Installed the SAASPASS mobile application or Desktop client.
- Company registration for SAASPASS from the admin portal at www.saaspass.com.
- Reachable server from SAASPASS for Login options as Scan Barcode and Proximity.
- SAASPASS is reachable from the server.
- Installed IIS with the following modules: CGI, ISAPI Extensions and ISAPI Filters.
WebSocket Protocol and ASP.NET 4.5 installed on the server.
Note: Load-Balancing is not compatible with SAASPASS Double-factor authentication.
Download SAASPASS-TSplus plugin archive from here and extract the content into the following folder C://inetpub/wwwwroot/SAASPASS-TSPlus:
- Give full permission to the group “Everyone” in the directory “C:\inetpub\wwwroot”.
Open IIS Manager, right-click on Sites and then click on Add Web Site. Fill the from with appropriate data, where the Physical Path will point to the extracted content of the archive.
Don’t forget to specify the http port to 81.
You will have to add the TSplus cgi-bin virtual directory – located under the path C:\Program Files (x86)\TSplus\Clients\wwww\cgi-bin – as an application into your SAASPASS-TSplus website:
Then, double-click on the “Handler Mappings” icon for this folder on the right side of the Manager window:
Now, right-click on CGI-exe and click on “Edit Feature Permissions”:
Check the “Execute” checkbox and click OK:
Configure CGI extension permission Then, allow the CGI extension to run on the server. Click on the “ISAPI and CGI Restrictions” icon. This can be found by clicking on the machine name in the menu on the left side of the window:
On the “ISAPI and CGI Restrictions” page, click “Add …” on the right side of the window. Now specify the full path to the “hb.exe” file hosted in the TSplus folder. Be sure to check the “Allow extension path to execute” option, as Illustrate the following screenshots:
Add Mime types in IIS Double-click on the Mime Types icon:
And verify that the “.” and “.dat” extensions appear with a text/plain MIME type:
Otherwise, add them by opening a command prompt as an administrator and run the following commands:
%SystemRoot%\system32\inetsrv\appcmd set config /section:staticContent /+[fileExtension='.dat',mimeType='text/plain'] %SystemRoot%\system32\inetsrv\appcmd set config /section:staticContent /+[fileExtension='.',mimeType='text/plain']
Then restart IIS.
Once you set up the SAASPASS-TSplus plugin to run under IIS, now we need to change TSplus to use IIS Server instead of the built-in server:
- Open the TSplus Administrator Tool and click on the Manage Web Servers tile under the Web Tab.
- Select Use a different HTTP Web server
- Then, change the Web server root path to point to ISS SAASPASS-TSplus.
- Save the changes, the AdminTool will restart.
On the SAASPASS Portal, when switched to Company mode, you can add users on the Groups & Users tile and TSplus on the Company Applications tile:
You can see that the application is running and one user or group is connected.
Once everything is in place, open IIS Manager and go to Application Settings for the SAASPASS-TSplus site.
Enter the correct values for your application APIKEY and APIPASSWORD, which you can get from APP KEY & PASSWORD on the SAASPASS Admin Portal when you are managing your Application.
Under the TSplus application on the SAASPASS Admin Portal, open Application Settings and enter your desired IP Filter, as well as the TSplus URL, with your domain name, for example:
Open the TSplus AdminTool and navigate to Security -> Advanced Security. Enable ‘Deny access from Microsoft RDP client’ and ‘Encrypts end-to-end communications’. Save the changes. Restart TSplus.
You are all set, now you can login to TSplus with SAASPASS: