- Kaseya 6.3 running on Server 2008 or later (IIS 7 required)
- A working AuthAnvil Password Server (v1.5 or later) that has already been configured as per the AuthAnvil Password Server Installation Guide.
NOTE: AuthAnvil Password Server v1.5 and later cannot be installed on the same web site as Kaseya. AuthAnvil Password Server will need to be moved to a separate IIS web site on the same server, or on a completely different server. See the AuthAnvil Password Server Installation Guide for details on backing up your AuthAnvil Password Server and restoring your data to a new server installation.
Kaseya offers a powerful and flexible system of network management tools. The AuthAnvil Password Server Addin for Kaseya 2 complements this functionality to manage and audit password access throughout domains, websites and networks, all available in the Kaseya interface.
The rest of this document will step through the process to accomplish the implementation and configuration of AuthAnvil Password Server support on a server running Kaseya 22.214.171.124 or later. This document assumes that the AuthAnvil Password Server has already been configured as per the AuthAnvil Password Server Installation Guide.
NOTE: This installer initiates a Kaseya Schema Rebuild as part of the installation process. Please keep this in mind deciding when to install the Addin as this will disable user functionality for several minutes.
Installing the AuthAnvil Password Server Addin for Kaseya 2
Step 1: Contact Support to receive the Kaseya Addin files.
Step 2: Place the files on the Kaseya server and launch the Addin installer (AAPS_KaseyaAddin.exe)
Step 3: Click Next on the opening installer screen, then accept the license agreement and click Next once more.
Step 4: For this step you will need the web.config file from your AuthAnvil Password Server (C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\web.config). If it is not accessible directly from the Kaseya server, you will need to copy it over to this machine. Browse to the web.config file and you will be prompted to input the web service URL for your AuthAnvil Password Server. This must be configured to use http instead of https, and it must resolve properly. Copy/paste the URL into a local browser session on the Kaseya server to verify the URL.
Step 5: Locate the SyncAgent Setup ZIP file from your AuthAnvil Password Server. You can find it at C:\Program Files\Scorpion Software\AuthAnvil Password Server\AAPS\SyncAgent Setup\SyncAgent Setup Package.zip, or you can copy the ZIP file to a location accessible by the Kaseya server. Click Next to continue.
Step 6: Click Next to start the install.
Step 7: When the install is complete, you will be presented with the final screen. Click Finish to launch the Kaseya Schema update so that Kaseya can load the AuthAnvil Password Server Addin.
Step 8: Log into Kaseya. If you have AuthAnvil 2FA enabled at logon, you will see a screen that resembles this.
Step 9: Click on the Password Server tab on the left hand navigation bar. Without AuthAnvil Single Sign On configured, you will see a login prompt for the AuthAnvil Password Server. See the next section on how to configure this Addin to use SSO.
CAUTION: If you have AuthAnvil Password Server v1.6 you will likely end up seeing an error the first time you load the pages in the Password Server Addin. Follow the steps in this Knowledge Base article to resolve this issue.
Configuring the AuthAnvil Password Server Addin to use AuthAnvil Single Sign On
The AuthAnvil Password Server makes it easy to create, audit, update, secure and reset passwords all from one central portal. Now that you have the AAPS Addin installed, all of this capability is now available inside Kaseya. Securing all of that password data should be done using two-factor authentication rather than a single, static password. With AuthAnvil 2FA and our 2FA Addin, you can configure AuthAnvil SSO to automatically log you in to the AuthAnvil Password Server using a 2FA prompt on your front-end Kaseya login. The end result is a single login to Kaseya giving you access to the AuthAnvil Password Server.
To do this, you will need the following components:
- An existing AuthAnvil Two Factor Auth server, v4.6 or later (link to guide)
- AuthAnvil 2FA Addin for Kaseya, v3.0 or later (link to guide)
- AuthAnvil Single Sign On v3.0 or later (link to guide)
- SSO configured for AuthAnvil Password Server (link to guide)
(If you are not certain which versions you have installed, please contact Customer Service at http://www.scorpionsoft.com/help)
This configuration assumes that you are able to log in to Kaseya using your normal Kaseya credentials and your AuthAnvil Passcode. You should also be able to log in to SSO using the same username as your Kaseya login, to have one-click access to the Password Server. If you are not at this point, please review the documentation links above.
Step 1: Log in to Kaseya and click on the Password Server tab on the left-hand side. Click Configure Web Service to display the SSO configuration screen.
Step 2: Check the box to Enable SSO authentication.
Step 3: Update the SSO service URL so it points to the ssologon.asmx page on your AuthAnvil Password Server (i.e. http://localhost/AAPS/ssologon.asmx). Copy and paste this URL into a browser to make sure it can be reached from the Kaseya server.
Step 4: The Audience URI will not need to be changed.
Step 5: Click Save Settings to confirm the values for a Single Sign On connection.
Step 6: All the components should now be properly configured to use your 2FA login to Kaseya so that you are automatically logged in to the Password Server. Make sure your user is not whitelisted from using 2FA credentials and log out of Kaseya. Log back in with your username, password, and 2FA Passcode.
Step 7: Verify that the Addin is configured correctly by expanding the Password Server tab and clicking on Dashboard. This should load up the front page of the AuthAnvil Password Server with your specific user account already logged in. If you still see a login prompt, see the Troubleshooting section at the end of this guide.
Note: By default, you will only be able to use the Remote Desktop Connection functionality of the AuthAnvil Password Server when you are connected to Kaseya using https. If you wish to allow http connections to have access to RDP through the AuthAnvil Password Server, open C:\Kaseya\WebPages\AAPS_Addin\web.config and modify the key httpsOverride so that the value is 1.
Issue: After completing the SSO configuration for the Addin, you still see the login screen when clicking on a Password Server page.
Cause #1: The Web Service URL is incorrect or unable to be resolved. You can test this by trying to log in to the AuthAnvil Password Server where the login appears inside Kaseya. The login page will refresh with no error message.
Cause #2: Single Sign On has not been properly configured to allow this user or the AuthAnvil Password Server application. Verify that your Kaseya username is able to log in to the SSO portal and can access the AuthAnvil Password Server through this portal.
Cause #3: You do not have all the required components installed, or they are not running the proper compatible versions.
Resolution #1: Open the file at C:\Kaseya\WebPages\AAPS_Addin\web.config. Scroll down about halfway until you see endpoint address and update the URL to point to your AuthAnvil Password Server web service using http. Copy and paste this URL into the browser to make sure it is able to be resolved.
Resolution #2: If your username is unable to log in to SSO, check the Auth Logs in the AuthAnvil Manager to see if there are any errors corresponding to your Kaseya or SSO login. Double-check that your Kaseya username exists in AuthAnvil, and that it has been enabled in SSO. Consult the SSO documentation to verify you have correctly configured your username and application: http://www.scorpionsoft.com/docs/sso
Resolution #3: Double-check that your product versions match the following:
- AuthAnvil Two Factor Auth, v4.6 or later (viewable at the bottom of the AuthAnvil Manager page)
- AuthAnvil 2FA Addin for Kaseya, v3.0 or later (in the AuthAnvil / Two Factor Auth tab in Kaseya, click About AuthAnvil Addin)
- AuthAnvil Single Sign On v3.0 or later (viewable at the bottom of the SSO login page)
- AuthAnvil Password Server v1.5 or later (viewable at the bottom of the AAPS login page)
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .