AuthAnvil Two Factor Auth Installation

What you need to begin

To begin your deployment of AuthAnvil Two Factor Auth, we recommend you collect and prepare the following items before installation:

Download the latest installer files from the AuthAnvil 2FA Downloads website
Token import file. A file will have been added to your Customer Portal account under the Tokens page. This file is used to automate the importation of the token data into the AuthAnvil database and will be named <your-order-number>.tok.
Administrative access to a supported operating system on which you wish to install AuthAnvil. It is strongly recommended that during evaluation you test AuthAnvil in a non-production environment.
An AuthAnvil subscription key configured for your account in the Customer Portal

Installation of the AuthAnvil Two Factor Auth Server

Open a web browser to the address https://helpdesk.kaseya.com/forums/23070238
Click AuthAnvil 2FA Server Installer under the AuthAnvil 2FA Server Software category.
Either click Open on the file download or launch the installer manually after downloading and saving it to disk.
After you agree to the licensing agreement, the installer will check for and install prerequisites as needed, then ask you what type of installation you would like to do.
- New Install: Install a new copy of AuthAnvil Two Factor Auth.
- New Install and Restore Data: Install a new copy of AuthAnvil Two Factor Auth and restore from an existing AuthAnvil database backup (bup) file.
- Cluster: Install a new node into an existing cluster from a .clu file.
- Upgrade: Upgrade an existing version of AuthAnvil 3.5 or later to 5.5. This type of installation will require only your Subscription Key from the Customer Portal. Everything else will be automated.
Note: The recommended best practice when running an upgrade is to use the aabackup.exe utility (located by default at C:\Program Files\Scorpion Software\AuthAnvil Database Management\aabackup.exe (AuthAnvil 2.x or 3.0) or C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools\aabackup.exe (3.5 and later)) to take a backup of the AuthAnvil database before running the upgrade. This will allow a restore to the previous version. As a failsafe, if the upgrade fails for any reason, the installer will leave the IntermediateBackup.bup that it creates at C:\Program Files\Scorpion Software\AuthAnvil Setup V5.5\IntermediateBackup.bup.

If migrating an AuthAnvil 3.5 (or earlier) server to v5.5 using "New install and Restore Data," make sure that you back up your AuthAnvil database using the latest version of aabackup.exe available here. Next, uninstall your old version of AuthAnvil and ensure that the AuthAnvil sites have been completely removed from IIS, then run the AuthAnvil Two Factor Auth Installer, choosing the "New Install and Restore Data" option. When asked, provide the the bup file that you just created with aabackup.exe.

Note: The upgrade process does not support upgrading servers that use wildcard SSL certificates. To upgrade these servers, back up your AuthAnvil database using the latest version of aabackup.exe, available here, then uninstall your old version of AuthAnvil, ensure that the AuthAnvil sites have been completely removed from IIS, and run the AuthAnvil Two Factor Auth Installer, choosing the "New Install and Restore Data" option. When asked, provide the the bup file that you just created with aabackup.exe. After the install completes, run the AAWebConfigEditor tool to change the SAS and Admin URLs so that they match the FQDN of your server, following the instructions in Appendix C of this document.

Note: Upgrades are supported from AuthAnvil 4.0 and later only. Previous versions need to be uninstalled before running the AuthAnvil Two Factor Auth 5.5 installer, and you need to run a "New Install and Restore Data" using your backup file.
AuthAnvil Two Factor Auth requires an active subscription account. Collect your Administrative Contact and Subscription Key from the Customer Portal, which the installer will validate before allowing you to continue. If you don't have an account, please contact your account manager or email sales@scorpionsoft.com. You can retrieve your subscription key from https://customer.scorpionsoft.com.
The installer will then ask whether you want to use a new or existing SQL installation.

Note: Regarding non domain-joined machine setup: If the SQL instance is not on the same server as the AuthAnvil SAS, then both will need the database user account to exist locally for impersonation to function correctly. Contact customer support for assistance if you intend to deploy following this scenario.
If you chose "Install to an existing SQL Server", the installer will next ask you for the location of SQL Server instance. Enter this in the form of SQLSERVERNAMEINSTANCENAME or SQLSERVERNAME if the server does not use a named instance.
Note: You will need to have administrative permissions on the SQL server instance that you select.
If you chose "New Install and Restore Data", the installer will ask you for the location of the AuthAnvil Database Backup (bup) file to restore from.
Next, if you chose "New Install", the install will ask for your Company Name and get you to set a Master Admin Password. The company name is used to identify this server in your billing statements, and the master admin password is used to manage system-level functions for this AuthAnvil Two Factor Auth server from the AuthAnvil Management Console. This password is difficult to reset, so should be strong and not well-known within the organization.

Note: The AuthAnvil Single Sign On module for Two Factor Auth will be installed by default, unless the checkbox to disable its installation is checked.
If "New Install" is chosen, the installer will ask you for your email server settings. The email server defines where AuthAnvil Two Factor Auth will send email messages for alerts and enrollment requests. This should be a resolvable name or IP address to a working SMTP (mail) server that will allow the AuthAnvil Two Factor Auth server to relay messages. The From Address field defines who the email will be sent from, such as 'authanvil@yourdomain.com'.
Note: This email address is also the email address that the server will send any administrative emails to, so make sure that it is a mailbox that is checked regularly. If you email server requires authentication, you can also configure that here.
Next, the installer will ask you to pick which website in IIS you want AuthAnvil Two Factor Auth to be installed to. If you are unsure, select "Default Web Site" or the first item in the list. Scorpion Software recommends that you use a website that has an SSL certificate assigned to it. A certificate can be assigned after the installation. (See Configuring Secure Communications With SSL later in this document for more information).
Note for SBS installs: You should install AuthAnvil Two Factor Auth into the SBS Web Applications site on an SBS server.
Next, the installer will ask you to confirm the base URL of your Two Factor Auth server. This URL should match the base domain name of your selected IIS website.
If you are doing a new install, the installer will next ask you to set up your first user, including username, first name, last name, email address, and to set up a temporary password so that the user can log on to the AuthAnvil Manager and begin assigning tokens.
Finally, if AuthAnvil Two Factor Auth is being installed on a domain controller, the installer will offer to install the ADUS client on the machine and configure the ADUS Web Service.
After confirming your selection, setup will complete a few final tasks and display a "Setup Complete" message. Click Finish to complete the install and launch the AuthAnvil Manager.
Note: For installs on servers that use wildcard SSL certificates: After installation, the server will need to be configured with the correct FQDN using the AAWebConfigEditor, as described in Appendix C of this document.