[ZTA] Configurations/User Portal

This page explains the configuration parameters in Settings > ZTNA > Configurations > User Portal of the admin portal (portal.safous.com).

In general, this page provides options to configure the user portal.

1. Edit button, click this button first to be able to modify the configuration on this page.

2. Require MFA, this toggle is a global setting for MFA enablement in the user portal (enabled by default). If you switch this toggle to disabled, no MFA is needed when accessing the user portal.

3. Require device certificate, this feature is designed to authenticate corporate devices (or similar cases) so that only a trusted device can access the user portal.

a) You can set the device certificate requirement to any, which allows a client machine to log in as long as it has a device certificate installed.

b) You can use a trusted certificate to allow only client machines with a trusted certificate.

- You can generate the chained certificate via the Safous admin portal and then download the generated chained certificate to be installed on the client's machine.

- You can install your own signed certificate on the client machine and upload to Safous the CA certificate that was used to authorize it.

The steps for both methods can be found in this KB:

https://support.safous.com/kb/zta-policies-trusted-certificates

After the required certificate has been registered in the Safous admin portal, you can use it in the configuration.

4. Require MS-ADCS certificate template OID, to enable this option you need to add the MS-ADCS Certificate Template OID with the correct OID value based on your deployed ADCS.

For more information about MS-ADCS, please refer to the official Microsoft KB:

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/server-certificate-deployment

5. Enforce session fingerprinting, this option (enabled by default) is needed to reduce the risk of session hijacking by a malicious attacker. This option ensures the integrity of the session and terminates the session when a mismatch is detected.

6. Color scheme, choose the dark or white color theme for the user portal (dark by default).

7. Login layout, choose whether the login form of the user portal is placed on the left, in the middle, or on the right (left by default).

8. Login logo, choose whether or not to show the logo in the login form (shown by default).

9. Login logo background, choose the login logo background (black - #000000 by default).

10. Idle session timeout, choose how long, in minutes, a user portal session stays active while idle (no activity).

11. SAML token expiry, choose how long, in seconds, the SAML token for the user portal is preserved.

12. Include IP addresses in web fingerprint..., toggle this option if you want to enable the IP address check during web fingerprint verification.
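To illustrate how options 5 and 12 interact, here is an added example (not Safous code and not a description of the Safous implementation) of a session store that binds each session to a client fingerprint and terminates it on mismatch. The fingerprint inputs, the `SessionStore` class and the sample requests are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the fingerprint inputs (User-Agent, Accept-Language, client IP)
# are illustrative; the page does not list what the product actually checks.
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, constructed here


def fingerprint(request: dict, include_ip: bool) -> str:
    """Keyed hash over the client attributes bound to the session."""
    parts = [request["user_agent"], request["accept_language"]]
    if include_ip:
        parts.append(request["ip"])
    # Length-prefix each field so "ab"+"c" and "a"+"bc" cannot collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class SessionStore:
    def __init__(self, enforce: bool = True, include_ip: bool = False):
        self.enforce = enforce        # option 5 in this illustration
        self.include_ip = include_ip  # option 12 in this illustration
        self._sessions = {}           # session id -> fingerprint taken at login

    def login(self, request: dict) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = fingerprint(request, self.include_ip)
        return sid

    def check(self, sid: str, request: dict) -> bool:
        """Return True if the request may continue on this session."""
        stored = self._sessions.get(sid)
        if stored is None:
            return False
        if not self.enforce:
            return True
        if hmac.compare_digest(stored, fingerprint(request, self.include_ip)):
            return True
        del self._sessions[sid]  # mismatch: terminate the session
        return False


# Constructed sample requests (IP addresses from the RFC 5737 documentation ranges).
LOGIN = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0",
         "accept_language": "en-US", "ip": "192.0.2.10"}
SAME_BROWSER_NEW_IP = dict(LOGIN, ip="198.51.100.7")
OTHER_BROWSER = dict(LOGIN, user_agent="curl/8.5.0")
```

In this sketch, turning on the IP check also ends the session of a legitimate user whose address changes mid-session (for example when switching networks), so the toggle trades stricter binding against more forced re-logins.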

Don't forget to save your configuration every time you finish setting up options on this page.