How to Migrate AuthAnvil On-Premises Integrations to Passly

Kaseya has had two AuthAnvil products in the marketplace over the last 9.5 years. The following products are being moved to end of life and support will end on December 31st 2023. 

AuthAnvil On-Premises & AuthAnvil On-Demand

  • AuthAnvil On-Premises (AAoP) was originally a product sold by Scorpion Software.
    - Scorpion Software was acquired by Kaseya 9 years ago.  
    - This was an On-Premises IIS hosted application that provided 2FA/SSO/Password management. 
    - No code work has occurred for over 7 years as of Mar. 2023. 
    - We have not sold AAoP for 6+ years.
  • AuthAnvil On-Demand (AAoD) was launched 7 years ago approximately.  
    - AuthAnvil On-Demand is Passly under a new branding and new URL's.   
    - AuthAnvil On-Demand was built using an outdated version of the Polymer UI from Google. This has been replaced in Passly via the ReactJS user interface. 

For more information about the End of life notice for AuthAnvil please see this guide

Migration Process

Please note this process only documents the application settings for Kaseya modules. 
You will need to enable your users in Passly before they can use authentication. Please see this section for more assistance with settings up Passly users.

Integrations 

Updating Kaseya VSA

There are two possible integration configurations involved here. 

  • Customers using AuthAnvil in place of VSA's native 2FA enforcement.
  • Customers also using the SAML settings enabled. 

VSA AuthAnvil 2FA only using customers

You have the AuthAnvil Module enabled In VSA. That module contains a setting known as the SAS URL (https://FQDN/AuthAnvil/SAS.asmx

  1. Update the SAS URL in VSA. VSA > AuthAnvil Module > Configure Kaseya login.
    Note: VSA On-Premises customers you can also update this in MS SQL > ksubscribers > dbo.AA_Settings if you have any user interface issues.
    mceclip1.png
    Note: Site ID is always 1 for Passly tenants. https://(customer).my.passly.com/AuthAnvil/SAS.asmx (Replace (customer) with your actual Passly tenant).
    Note: You will be changing the SAS URL to reflect your new Passly tenant. 
    Note: If you no longer wish to use the AuthAnvil module for 2FA simple select "Disable Two Factor Auth during Kaseya server logons"
    mceclip0.png
  2. Select Save Changes.
    mceclip8.png

Users will now be logging into VSA using Passly and no longer required to use AuthAnvil.

VSA SAML Using Customers

You have the AuthAnvil Module enabled In VSA using the SAML settings located below the SAS URL settings you will need to make the following changes as well.

  1. Create the new VSA SAML Application in Passly.

Most customers will follow the first link below. If you use Domain watch or have a need for the Passly username to be different then the Kaseya VSA username we have alternate guides to aide you. 

  1. VSA:  Adding the Virtual System Administrator (VSA) for Single Sign On - https://helpdesk.kaseya.com/hc/en-gb/articles/4407399173521 
  2. VSA using Domain Watch. (Alternate configuration)
    Adding Virtual System Administrator (VSA) SAML app fails when using Domain Watch - https://helpdesk.kaseya.com/hc/en-gb/articles/4407406483473
  3. Using VSA with alternate Usernames. (Alternate configuration)
    How to make a Custom Alternate Principal Name for SSO to Kaseya VSA - https://helpdesk.kaseya.com/hc/en-gb/articles/4407405559697

Complete the setup for VSA by replacing your AAoP based SAML certificate with the one generated from the Passly Web user interface.

  1. You can download this new certificate from the "Signing and Encryption" tab within your Passly VSA application under the SSO Manager. 
    mceclip2.png
  2. You can upload the certificate into VSA via VSA > AuthAnvil Module > Configure Kaseya login.
    mceclip4.png
  3. Choose Select certificate .
    mceclip5.png
  4. Select Choose file.
    mceclip6.png
  5. Select Import Selected Certificate.
    mceclip7.png
  6. Select Save Changes.
    mceclip8.png

Users should now be able to Launch VSA from your Passly SSO Launchpad.

If you wish to enforce the use of SSO the module does contain those options as well. 
mceclip9.png

Autotask

Autotask was a legacy AuthAnvil supported integration. The integration was built by the Autotask team pre-acquisition to Kaseya for both companies. 

Server Settings

  1. Navigate to  > Admin > Features & Settings > Application-wide (Shared) Features > System Settings.
  2. Expand the Site Setup group.
  3. In the AuthAnvil Authentication Server URL,
    Update the SAS URL from https://(FQDN)/AuthAnvil/SAS.ASMX to https://(companyname).my.passly.com/AuthAnvil/SAS.asmx
    (Replace (companyname) with your actual Passly tenant).
    Note: You will be changing the SAS URL to reflect your new Passly tenant. 
  4. For "AuthAnvil Site ID", enter the Site ID provided by AuthAnvil.
    Note: Site ID is always 1 for Passly tenants. 
  5. Click Save.

Users 

  1. Go to  > Admin > Organization Settings & Users > Resources/Users (HR) > Resources/Users (HR) .
  2. Right-click the resource's name, and select Edit Resource.
  3. Click the Security tab.
  4. Select the Require Two-Factor Authentication for this Resource check box.
  5. Select an option for when the authentication requirement will take effect.
    Note: You can use this setting to temporarily suspend the two-factor authentication requirements at any time.
    Note: If you no longer wish to use the AuthAnvil module for 2FA simple select use TOTP (Google Authenticator etc. )
  6. Save Settings.

IT Glue

IT Glue supports the use of SAML access via the web. 

  • The application will need to be created in Passly.
  • Please follow this guide to enable SAML for IT Glue. 

Traverse 

Traverse supports the use of SAML access via the web. 

  • The application will need to be created in Passly.
  • Please follow this guide to enable SAML for Traverse. 

BMS / Vorex

BMS/Vorex supports the use of SAML access via the web. 

  • The application will need to be created in Passly.
  • Please follow this guide to enable SAML for Traverse. 

 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section