How to Set Up Hailbytes VPN Authentication

Introduction

Now that you have HailBytes VPN set up and configured, you can begin exploring some of the security features HailBytes has to offer. You can check our blog for setup instructions and features for the VPN. In this article, we will cover the authentication methods supported by HailBytes VPN and how to add an authentication method.

Overview

HailBytes VPN offers several authentication methods besides traditional local authentication. To reduce security risks, we recommend disabling local authentication. Instead, we recommend multi-factor authentication (MFA), OpenID Connect, or SAML 2.0.

  • MFA adds an additional layer of security on top of local authentication. HailBytes VPN includes local built-in versions and support for external MFA for many popular identity providers such as Okta, Azure AD, and Onelogin.

  • OpenID Connect is an identity layer built on the OAuth 2.0 protocol. It provides a secure and standardized way to authenticate and obtain user information from an identity provider without having to log in multiple times.

  • SAML 2.0 is an XML-based open standard for exchanging authentication and authorization information between parties. It allows users to authenticate once with an identity provider without having to re-authenticate to access different applications.

OpenID Connect with Azure Set Up

In this section, we will briefly go over how to integrate your identity provider using OIDC Multi-Factor Authentication. This guide is geared towards using Azure Active Directory. Different identity providers may have uncommon configurations and other issues.

  • We recommend that you use one of the providers that has been fully supported and tested: Azure Active Directory, Okta, Onelogin, Keycloak, Auth0, and Google Workspace.
  • If you are not using a recommended OIDC provider, the following configuration settings are required.

           a) discovery_document_uri: The OpenID Connect provider configuration URI, which returns a JSON document used to construct subsequent requests to this OIDC provider. Some providers refer to this as the "well-known URL".

           b) client_id: The client ID of the application.

           c) client_secret: The client secret of the application.

           d) redirect_uri: Instructs the OIDC provider where to redirect after authentication. This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, for example https://firezone.example.com/auth/oidc/google/callback/.

           e) response_type: Set to code.

           f) scope: The OIDC scopes to obtain from your OIDC provider. At a minimum, Firezone requires the openid and email scopes.

           g) label: The button label text displayed on the Firezone portal login page.

  • Navigate to the Azure Active Directory page on the Azure portal. Select the App registrations link under the Manage menu, click New Registration, and register after entering the following:

           a) Name: Firezone

           b) Supported account types: (Default Directory only - Single tenant)

           c) Redirect URI: This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, for example https://firezone.example.com/auth/oidc/azure/callback/.

  • After registering, open the details view of the application and copy the Application (client) ID. This will be the client_id value.
  • Open the Endpoints menu to retrieve the OpenID Connect metadata document. This will be the discovery_document_uri value.

  • Select the Certificates & secrets link under the Manage menu and create a new client secret. Copy the client secret. This will be the client_secret value.

  • Select the API permissions link under the Manage menu, click Add a permission, and select Microsoft Graph. Add email, openid, offline_access and profile to the required permissions.

  • Navigate to the /settings/security page in the admin portal, click "Add OpenID Connect Provider" and enter the details you obtained in the steps above.

  • Enable or disable the Auto create users option to automatically create an unprivileged user when signing in via this authentication mechanism.

Congratulations! You should see a Sign In with Azure button on your sign-in page.
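As an added example (not HailBytes or Firezone code), this Python check validates the values collected in the steps above against each other before they are entered in the admin portal, and goes one step further by comparing them with the provider's discovery document as OIDC Discovery 1.0 requires. `provider_key` is an assumed name for the path segment between /auth/oidc/ and /callback/, and the sample settings and discovery document are constructed placeholders.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "email"}  # minimum the page says Firezone needs
WELL_KNOWN = "/.well-known/openid-configuration"

def check_oidc_settings(cfg, external_url, provider_key, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for key in ("client_id", "client_secret", "label"):
        if not cfg.get(key, "").strip():
            problems.append(f"{key} is empty")
    if cfg.get("response_type") != "code":
        problems.append("response_type must be 'code'")
    missing = REQUIRED_SCOPES - set(cfg.get("scope", "").split())
    if missing:
        problems.append("scope is missing: " + ", ".join(sorted(missing)))
    # provider_key is an assumed name for the segment shown as "azure"/"google" on the page.
    expected = f"{external_url.rstrip('/')}/auth/oidc/{provider_key}/callback/"
    if cfg.get("redirect_uri") != expected:
        problems.append(f"redirect_uri should be {expected}")
    doc_uri = cfg.get("discovery_document_uri", "")
    if urlsplit(doc_uri).scheme != "https":
        problems.append("discovery_document_uri must use https")
    # OIDC Discovery 1.0: the document lives at issuer + well-known suffix.
    if doc_uri != discovery.get("issuer", "").rstrip("/") + WELL_KNOWN:
        problems.append("issuer does not match discovery_document_uri")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            problems.append(f"discovery document: {key} is missing or not https")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("provider does not advertise response_type 'code'")
    return problems

# Constructed sample input: hostnames, tenant and client values are placeholders.
IDP = "https://login.example.com/TENANT-PLACEHOLDER/v2.0"
SAMPLE_CFG = {
    "discovery_document_uri": IDP + WELL_KNOWN,
    "client_id": "CLIENT-ID-PLACEHOLDER",
    "client_secret": "CLIENT-SECRET-PLACEHOLDER",
    "redirect_uri": "https://firezone.example.com/auth/oidc/azure/callback/",
    "response_type": "code",
    "scope": "openid email profile offline_access",
    "label": "Azure",
}
SAMPLE_DISCOVERY = {"issuer": IDP, "authorization_endpoint": IDP + "/authorize",
                    "token_endpoint": IDP + "/token", "jwks_uri": IDP + "/keys",
                    "response_types_supported": ["code", "id_token"]}

if __name__ == "__main__":
    print(check_oidc_settings(SAMPLE_CFG, "https://firezone.example.com", "azure", SAMPLE_DISCOVERY))
```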

Conclusion

HailBytes VPN offers a variety of authentication methods, including multi-factor authentication, OpenID Connect, and SAML 2.0. By integrating OpenID Connect with Azure Active Directory as demonstrated in this article, your workforce can conveniently and securely access your resources on the Cloud or AWS.