
How to Create a JumpCloud-Managed VPN Using Pritunl

Written by David Worthington on May 20, 2022

It's the worst-kept secret in IT: small and medium-sized enterprises (SMEs) must use their budgets judiciously. The cost of network hardware, in particular, can be a major obstacle that constrains what IT admins can accomplish. The domainless enterprise presents a solution, minus the expensive hardware, to manage your directory and access control (and especially your VPN). This makes strong perimeter security achievable at sustainable cost.

JumpCloud provides identity and access management (IAM) infrastructure through the cloud that you can configure to manage Pritunl, an open source VPN that's based on OpenVPN. JumpCloud provides your directory of users and devices, or extends your existing directory. OpenVPN is a mature, widely used solution that's been available for over two decades. It's functionally the same as the VPN appliances that you'd pay a reseller to obtain at high cost.

The benefits extend beyond connectivity: JumpCloud layers on additional Zero Trust security controls that are transparent to the end user, apart from a prompt to authenticate when they're accessing IT resources. This solution protects your confidential information and systems while reducing the costs traditionally associated with remote IT access.

JumpCloud Manages and Secures

JumpCloud's LDAP directory underpins access control and has integrated Zero Trust security features that continuously authenticate and authorize users. The cloud directory extends to single sign-on (SAML SSO) to direct users to the JumpCloud portal for authentication. JumpCloud then layers on security features, including environment-wide multi-factor authentication (MFA) and conditional access, to determine which devices may access your VPN and from where.

Other features manage and secure your devices, cross-OS, with patching and pre-built policies that act to harden systems against common security exploits. Conditional access leverages these capabilities so that only compliant devices are granted access to your VPN. This added security is accomplished without installing and maintaining additional software or hardware.

Streamlined User Lifecycle Management

The JumpCloud directory handles permissions differently than traditional on-premises solutions such as Microsoft's Active Directory. They're similar in that access to your VPN is determined by group membership(s), but JumpCloud's user management is designed for the modern era. JumpCloud utilizes attribute-based access control (ABAC), which suggests membership changes when a user should (or shouldn't) have access to IT resources. Attributes such as "manager" are actively polled to verify memberships, which saves time managing users and helps IT admins avoid potential security issues from internal and external threat actors.

This capability isn't limited to the JumpCloud directory. Our platform integrates with and extends existing directories such as Active Directory, Azure AD, or Google Workspace. JumpCloud's platform provides vital cross-OS Zero Trust management and security that those systems lack.

Now, let's discuss how to get started with integrating JumpCloud and Pritunl. Detailed guidance about how to or subscribe to Pritunl managed services can be found on its website.

JumpCloud Setup

The initial step is to create a custom SSO connector for Pritunl. JumpCloud provides hundreds of free connectors as part of your subscription, and is routinely adding more, so search for a pre-built Pritunl connector before you move ahead with this project. Continue to the next section if one isn't available.

Create a SAML Connector

Click the SSO button in the left frame of the administrative console and hit the "plus" sign to start a new SSO connection. Select "Custom SAML App" and begin by filling in the requisite information to label your connector and choose a color scheme and logo. More context is available in JumpCloud's should you have any additional requirements.

Then, navigate to the SSO tab and enter an Entity ID that's unique to your organization's environment. The settings on this screen are case-sensitive on both systems; any typo will result in errors and the integration will fail. Your Pritunl FQDNs and JumpCloud IDs may differ, but the fields should be formatted as outlined below:

Follow the URL/URI formats precisely

The redirect endpoint ensures that JumpCloud's console will be used to log users into the VPN

Pritunl requires the "org" attribute for group memberships

Activate the JumpCloud SSO connector once you're finished and download the certificate. You'll be required to copy the key into Pritunl's GUI in a later step.
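The three rules above (exact, case-sensitive identifiers on both sides; the validity window; the "org" attribute carrying group membership) are what a SAML service provider such as Pritunl checks on every assertion before it lets a user onto the VPN. The following script is an added illustration of that check, not Pritunl's or JumpCloud's code; the assertion, issuer URL, audience and group names are constructed sample values. Signature verification is a separate step that this example deliberately leaves out.

```python
"""Inspect a SAML 2.0 assertion the way a VPN service provider would
before granting access: exact issuer and audience (Entity ID) match,
validity window, and the 'org' attribute that carries group membership.
Constructed sample data; not a real IdP response."""
import xml.etree.ElementTree as ET   # for untrusted XML in production, prefer defusedxml
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (hypothetical hostnames).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_sample" IssueInstant="2022-05-20T10:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.test/saml2/pritunl</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2022-05-20T09:59:00Z" NotOnOrAfter="2022-05-20T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://vpn.example.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="org"><saml:AttributeValue>vpn-users</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

SAMPLE_ISSUER = "https://idp.example.test/saml2/pritunl"   # assumed IdP issuer
SAMPLE_AUDIENCE = "https://vpn.example.test"               # assumed SP Entity ID


def _ts(value):
    """Parse the UTC timestamp format used in SAML Conditions."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_assertion(xml_text, expected_audience, expected_issuer, now_iso, allowed_orgs):
    """Return {'ok': True, 'user': ..., 'orgs': [...]} or {'ok': False, 'reason': ...}.

    Every string comparison is exact and case-sensitive, which is why a
    typo in the Entity ID on either side breaks the integration."""
    now = _ts(now_iso)
    root = ET.fromstring(xml_text)

    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return {"ok": False, "reason": "issuer mismatch"}

    cond = root.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return {"ok": False, "reason": "assertion outside validity window"}

    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return {"ok": False, "reason": "audience mismatch"}

    # Collect attributes; 'org' is the one Pritunl uses for group membership.
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    orgs = attrs.get("org", [])
    if not orgs:
        return {"ok": False, "reason": "org attribute missing"}

    granted = sorted(set(orgs) & set(allowed_orgs))
    if not granted:
        return {"ok": False, "reason": "no permitted org"}

    return {"ok": True, "user": root.findtext("saml:Subject/saml:NameID", namespaces=NS), "orgs": granted}


if __name__ == "__main__":
    print(evaluate_assertion(SAMPLE_ASSERTION, SAMPLE_AUDIENCE, SAMPLE_ISSUER,
                             "2022-05-20T10:00:30Z", {"vpn-users"}))
```

Changing the audience to `https://VPN.example.test` (a single capitalised letter) is enough to produce an "audience mismatch", which is the failure mode the case-sensitivity warning above describes.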

Set Up Groups and Permissions

Click on the User Groups tab and add the group(s) that should have access to the VPN service. The link below is a detailed guide for admins who are unfamiliar with using JumpCloud.

Group membership grants access rights to the VPN

Pritunl VPN will be available within the JumpCloud User Console

Pritunl SSO Setup

Pritunl has JumpCloud listed as an authentication provider. Pull down the list, select JumpCloud, and select "add provider" to start the process of filling in the Identity Provider settings.

The settings will be identical to what you entered into the JumpCloud admin console. Open the downloaded certificate in a text editor on your PC and copy and paste its contents into Pritunl. This integration also requires a JumpCloud API key from your console, which is outlined in the next section. Both of these entries are confidential and should be kept private and carefully controlled.

Your JumpCloud API key may be reviewed by clicking on your user icon at the top right of your console. Note: generating a new key will revoke prior keys and could break existing integrations.

You're now ready to test your configuration.

Add Zero Trust Security from JumpCloud

Strongly consider adding Zero Trust security controls with JumpCloud Conditional Access Policies. These policies extend security beyond strong passwords and MFA alone.

Policies are assigned to existing groups or you may create dedicated groups for your requirements. Different groups may have different policies (or no policies). Policies include:

  • Geofencing: JumpCloud permits you to allowlist selected countries from which your VPN may be accessed. Any device that attempts to log in from a location that isn't specified will be denied access. For instance, an employee may be attempting to access internal resources from unsecured hotel Wi-Fi while on vacation.
  • Managed devices: Limit access exclusively to JumpCloud-managed devices. This ensures that IAM isn't allowing rogue devices into your network.
  • MFA: Users must prove who they say they are prior to accessing the VPN by entering a TOTP MFA code or approving a push MFA prompt through the JumpCloud Protect™ application. This extends MFA beyond initial device/session logins for additional assurance, which is advisable given the current threat landscape.
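The three policy types above combine in a way the list leaves implicit: a user inherits the policy of every group they belong to, and a single failed check denies the login. The following model is an added illustration of that evaluation logic, written for this page; it is not JumpCloud's policy engine or API, and the group names, policies and login attempts are constructed.

```python
"""Conditional-access model for a VPN login: each group may carry a policy
(geofence, managed-device requirement, MFA requirement); a user inherits
every policy of every group they belong to; deny wins. Constructed example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPolicy:
    allowed_countries: frozenset = frozenset()   # empty = no geofence applied
    require_managed_device: bool = False
    require_mfa: bool = False


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    groups: frozenset
    country: str            # ISO country code resolved from the source IP (assumed input)
    device_managed: bool    # device is enrolled in management
    mfa_satisfied: bool     # TOTP or push MFA completed for this VPN login


def evaluate_login(attempt, policies_by_group):
    """Return (allowed, reasons). Every failing check is reported, so an
    admin can see all the reasons a login was refused, not just the first."""
    reasons = []
    for group in sorted(attempt.groups):          # deterministic ordering
        policy = policies_by_group.get(group)
        if policy is None:
            continue                              # group has no policy attached
        if policy.allowed_countries and attempt.country not in policy.allowed_countries:
            reasons.append(f"{group}: country {attempt.country} is outside the geofence")
        if policy.require_managed_device and not attempt.device_managed:
            reasons.append(f"{group}: device is not managed")
        if policy.require_mfa and not attempt.mfa_satisfied:
            reasons.append(f"{group}: MFA not completed for this login")
    return (not reasons, reasons)


# Constructed sample policies: the general-user group is geofenced and
# requires a managed device; the admin group additionally requires MFA.
POLICIES = {
    "vpn-users": AccessPolicy(allowed_countries=frozenset({"US", "CA"}), require_managed_device=True),
    "vpn-admins": AccessPolicy(require_mfa=True),
    "contractors": AccessPolicy(),                # no policy constraints
}


def office_login():
    """Managed device, in-country, no MFA needed for a plain vpn-user."""
    return evaluate_login(LoginAttempt("alice", frozenset({"vpn-users"}), "US", True, False), POLICIES)


def hotel_login():
    """The vacation scenario: unmanaged device abroad, admin without MFA."""
    return evaluate_login(LoginAttempt("bob", frozenset({"vpn-users", "vpn-admins"}), "FR", False, False), POLICIES)


def admin_with_mfa_from_abroad():
    """MFA alone does not rescue a login that fails another group's geofence."""
    return evaluate_login(LoginAttempt("carol", frozenset({"vpn-users", "vpn-admins"}), "FR", True, True), POLICIES)


if __name__ == "__main__":
    for fn in (office_login, hotel_login, admin_with_mfa_from_abroad):
        print(fn.__name__, fn())
```

The third case is the one worth noticing when you assign policies to groups: because constraints are unioned across a user's groups, adding someone to a second, more permissive group never loosens the checks already imposed by the first.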

Tip: Retest your connectivity prior to making changes that could adversely affect user access.

Try JumpCloud SSO with Conditional Access

Zero Trust security should be used in combination with perimeter-based security. You can save budget by using Pritunl with JumpCloud, and use JumpCloud to manage VPN access. The platform is . Existing users should contact their JumpCloud implementation manager to begin testing conditional access.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.
