Configuring AuthAnvil Password Server Sync Agents

The Sync Agents tab displays all of the sync agents that are currently authorized for use in the AuthAnvil Password Server, as well as showing any pending sync agent requests.

Approving Sync Agent Requests

After a Sync Agent has been installed on a machine, and goes to check into the AuthAnvil Password Server, it will appear in the Sync Agents tab as a pending agent. From here, you can click Approve to configure the agent for use with the AuthAnvil Password Server, or Deny to deny the request and remove the agent form the list.

When approving a sync agent, the following options are available:

• General Settings: Set a friendly name for the agent in the Agent Name field, and optionally set a new password for the agent. If you set a password for the agent, you will need to enter this password on the agent side before the approval process can complete. This is typically only required if you need to verify the identity of the computer that is making the request.
• Scopes: Choose one or more scopes for this Sync Agent to be available to.
• Linked Credential: For synchronizing passwords that require an administrative credential to be provided, such as Windows Tasks, you can set a credential to use for these password changes here, picking it from the passwords available in the system.

When ready, hit Save Changes to approve the Sync Agent request.

Deciding where to deploy agents

AuthAnvil Password Sync Agents allow you to synchronize passwords on local and remote machines on the same network, as well as passwords for services and scheduled tasks. In a domain environment, you only need to deploy a single sync agent for the domain, typically on the domain controller, which can handle all of the domain passwords. This sync agent is also capable of handling Windows passwords for all non-domain machines on the same network. Service and task passwords require an appropriate linked credential to be configured for the sync agent, which will typically be a domain credential.

In a non-domain environment, a single sync agent is capable of handling Windows passwords for all non-domain machines on the same network, so can be deployed on any machine. Typically, this will be installed on a server or another machine that will be online and available a majority of the time. Service and task passwords may require additional sync agents to be deployed, as they require an appropriate linked credential to be configured for the sync agent, and one linked credential can be configured per agent.

Deploying Agents

Installing the Sync Agent

1. Before installing a Sync Agent make sure Microsoft .NET Framework 4 Client Profile and Extended are both installed. You can download the full package here from Microsoft’s Download Center.
2. Download the sync agent package from the Sync Agents tab of your own AuthAnvil Password Server to the target machine.
3. Unzip the package and run the the SyncAgentSetup.msi package.
4. Click Next and then Next again to accept the default folder path.
5. Click Next to begin the install process.
6. Click Close when complete.

Configuring the Sync Agent

1. Run the Sync Agent Control Form elevated (Run as Administrator). By default it is located at C:\Program Files (x86)\Scorpion Software\AuthAnvil Password Sync Agent\SyncAgentControlForm.exe
   

2. Edit the Server URL and Org ID to point at your AuthAnvil Password Server instance and click “Save Settings.” The tool will start the Sync Agent service, and the sync agent will attempt to connect to the AuthAnvil Password Server, and this sync agent should appear under Pending Agents in the Sync Agents tab of the AuthAnvil Password Server.

Note: The Sync Agent included with AuthAnvil Password Server v1.6 is able to use HTTPS in the Server URL. Previous versions had to be manually reconfigured to allow HTTPS requests.

Changing Agent Settings

The Password Sync Agent includes a settings application located by default at C:\Program Files\Scorpion Software\AuthAnvil Password Sync Agent\SyncAgentControlForm.exe that allows the user to view and change a few agent-specific settings. Hit “Save Changes” to save your setting changes.

1. Server URL: The URL of your AuthAnvil Password Server
2. Org ID: The Org ID of your AuthAnvil Password Server Organization. This is typically 1.
3. Check-in Frequency: How often you would like this agent to check in with the AuthAnvil Password Server server for new instructions.
4. Certificate information: The Certificate used to identify this agent and secure communications between it and the AuthAnvil Password Server. Click “Revoke Certificate” if you believe that the certificate has been compromised, or if you are planning to decommission this sync agent so that it cannot be reused by another Sync Agent.
5. Trust Verification Code: A value that will uniquely identify this agent on an AuthAnvil Password Server. You can use this value to identify which agent this is in the list of agents listed in the Sync Agents tab in the AuthAnvil Password Server.
   
   

Manual Authorization

If you change the Sync Agent password during the Sync Agent Approval process, you will need to perform a Manual Authorization using this tool in order to complete the Sync Agent Approval process. After you change the password on the AuthAnvil Password Server side, open up this tool, click the “Manual Authorization” tab, enter the password that you set and click “Activate”. This will complete the approval process and authorize this Sync Agent for use in the AuthAnvil Password Server.

Managing Sync Agents

To manage a Sync Agent's settings, simply click on the agent's name under the Approved Agents section, and the following options are available:

• General Settings: Change the agent name, and enable or disable the agent.
• Scopes: Change the scopes that this agent is assigned to.
• Linked Credential: Add, change, or remove the linked credential that is assigned to this agent.
• Actions:
  • Delete Agent: Permanently remove this agent from the system.

When ready, hit Save Changes to save changes to this Sync Agent.

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.