Configuring Juniper as first factor authentication - PingID

PingID Administration Guide
bundle
pingid
ft:publication_title
PingID Administration Guide
Product_Version_ce
PingID
category
ContentType
Product
Productdocumentation
pingid
ContentType_ce
Product documentation

Configure Juniper 8.0 as the first-factor ID provider using LDAP and PingFederate with PingID RADIUS password credential validator (PCV) as the second factor.

  1. Configure PingFederate with a PingID RADIUS PCV, and leave the Delegate PCV section empty.

    For more information, see Integration for devices using a RADIUS server.


    A screen capture of Create Credential Validator Instance window in the PingFederate administrative console.

  2. In the Juniper admin portal, create and configure the PingID RADIUS configuration.

    For more information, see Configuring Juniper for PingID multi-factor authentication.

  3. Go to Authentication > Authentication Servers.
    A screen capture of the Authentication Servers window in the Juniper UI.
  4. From the New drop-down list, select LDAP Server, and then click New Server.
  5. In the Settings tab, complete the following fields:
    1. In the Name field, enter a name for the server.
    2. In the LDAP Server field, enter the IP address or hostname of the LDAP server.
    3. In the LDAP Port field, keep the default value of 389, or change it according to the LDAP configuration.
    4. From the LDAP Server Type list, select Active Directory.
    5. From the Connection options, keep the default value of Unencrypted, or change it to match the LDAP configuration.
    6. In the Connection Timeout field, enter 30.
    7. In the Search Timeout field, enter 90.
    8. Leave all other fields empty.
    A screen capture of the New Authentication Server window in the Juniper UI.
  6. To confirm that the connection is valid before continuing, click Test Connection.
  7. In the Authentication Required? section, complete the following fields:
    1. Select the Authentication Required to Search LDAP check box.
    2. In the Admin DN field, enter the admin DN.

      For example, CN=Administrator, CN=Users, DC=Accells, DC=Lab.

    3. In the Password field, enter the admin password.
    A screen capture of the Authentication Required? section in the Juniper UI. The Authentication required to search LDAP check box is selected. The Admin DN field shows the example DN: CN=Administrator, CN=Users, DC=Accells, DC=Lab. The Password field shows an obfuscated password example.
  8. In the Finding User Entries section, complete the following fields:
    1. In the Base DN field, enter the Base DN.

      For example, CN=Users, DC=Accells, DC=Lab.

    2. In the Filter field, enter samaccountname=<USER>.
    A screen capture of the Finding User Entries section in the Juniper UI. The Base DN field shows the example DN: CN=Users, DC=Accells, DC=Lab. The Filter field has an asterisk next to it and shows the value samaccountname=<USER>.
  9. In the Determining Group Membership section, complete the following fields:
    1. In the Base DN field, enter the Base DN.

      For example, CN=Users, DC=Accells, DC=Lab.

    2. In the Filter field, enter CN=<GROUPNAME>
    3. In the Member Attribute field, enter member.