Kaseya Community

Home » Discussion Forums » General Questions and Discussions » Duo SSO 2FA and Kaseya

Learn more about how AuthAnvil can protect and enhance your Kaseya experience

Similar Posts

2FA with Kaseya VSA

by
on Jan 16, 2017
  • Not Answered

VSA and Duo

by
on May 21, 2018

Use of Microsoft MFA to Manage 2FA for Kaseya On Premise Server

by
on Feb 24, 2019
  • Not Answered

Using Duo for Two Factor Authentication

by
on Feb 17, 2015

MFA/2FA for Live Connect

by
on Sep 1, 2020
Details
  • 8 Replies
  • 1 Subscriber
  • Postedover 1 year ago

Duo SSO 2FA and Kaseya

  • raum.sandoval
    Posted by
    on Jan 21, 2019 9:43 PM

    Does Kaseya support SAML for MFA on other platforms besides AuthAnvil. It doesn't make sense to be forced into a MFA solution in 2019.
  • Youri
    Posted by
    on Jan 22, 2019 2:28 PM

    saaspass.com/.../kaseya-two-factor-authentication-2fa-single-sign-on-sso-saml THis is what i found
  • Oscar Romero
    Posted by
    on Jan 22, 2019 2:58 PM

    There is support for MFA via AuthAnvil and Okta.
  • craig.smith
    Posted by
    on Jan 22, 2019 7:05 PM

    An unsupported method we use is configure the SAML connector in the AuthAvil Module (Under the SSO section)

    We use Azure SSO to handle the sign in enforcing the MFA requirement here.

    We then point the AuthAnvil module at a non-existent AuthAnvil Server and tell it to enforce for all logins which stops all users directly signing into kaseya and making the Azure SSO the only option.
  • GDRBrian
    Posted by
    on Jan 22, 2019 11:48 PM

    Interested in this as well.
  • JB1975
    Posted by
    on Jan 23, 2019 8:53 AM

    Same here. 's solution sounds very interesting.
  • BroncoMarc
    Posted by
    on Jan 25, 2019 9:56 PM

    Craig,

    What settings are you using in Azure to get the authentication to Kaseya to work?   I'm trying the same thing and i can only get it to drop me off at the login page.

    Thanks,

    - Marc
  • craig.smith
    Posted by
    on Jan 28, 2019 7:16 PM

    It took a bit of playing around with but eventually the following Settings are working on a production 9.5 instance:

    Basic SAML:

    Identifier: <KaseyaServer>/vsapres/web20/core/ssologin.aspx

    Reply URL: <KaseyaServer>/vsapres/web20/core/ssologin.aspx

    Repalce <KaseyaServer> with the FQDN of your server.

    User Attributes / Claims:

    Unique User Identifier: Set this to match your user name format - in our case it's user.onpremisessamaccountname remove all additional claims as you only need the user name passed to Kaseya.

    Signing Options:

    Signing Option: Sign SAML response

    Signing Algorithm: SHA-1

    In the AuthAnvil module

    Go to Configure Kaseya Logon:

    Tick "Enable Sign Sign On to Kaseya" under the Kaseya Single Sign On Configuration section

    Set the reply to url to: <KaseyaServer>/vsapres/web20/core/ssologin.aspx

    Import the certificate from Azure through the Select Certificate section. You want the Base 64 version of the certificate.
  • jhw-int
    Posted by
    on Sep 27, 2019 8:26 PM

    Is still working for you? I have set it up, but when trying to login, get an error page:

    vsa.xxxxxxx.com/.../error.html

    It seems like the endpoing set in the Identified / Reply URL isn't functional? Tried basically everything I could including creating multiple variations of accounts on the VSA server:

    username

    username@company.com

    etc.

    But no such luck. Any input would be appreciated. :)