HID BalaBit and ActivID AAA User Manual

ActivID® AAA and BalaBit® Shell Control Box Integration Handbook
Product Version 6.7 | Document Version 1.2 | Release | April 14, 2014
ActivID AAA and BalaBit Shell Control Box | Integration Handbook
External Use | July 30, 2014 | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Table of Contents
1.0 Introduction
1.1 Scope of Document
1.2 Prerequisites
2.0 Shell Control Box Configuration
2.1 Procedure 1: Create New RADIUS Server Instance
2.2 Managing User Rights and User Groups
3.0 AAA Configuration
3.1 Procedure 1: Configure the BALABIT Gate
3.2 Procedure 2: Assign Group(s) to the BALABIT Gate
4.0 Sample Authentication
1.0 Introduction
BalaBit® Shell Control Box (SCB) is an activity monitoring solution that you can install within your information system platform. It provides activity trails, in real time or delayed, on who did what, where, when and how.
With SCB, you can control the access of internal or external IT service providers and record service provider work sessions and review them as needed (audit sessions, incidents, etc.).
The HID Global solutions that work with SCB provide versatile, flexible, strong authentication that is scalable and simple to manage.
There are two main HID Global solutions:
AAA Server for Remote Access: an authentication server that addresses the security risks associated with a mobile workforce remotely accessing systems and data.
ActivID Appliance: an authentication server that offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.
1.1 Scope of Document
This document describes, step by step, how to configure the integration of the ActivID AAA authentication server with the BalaBit Shell Control Box solution.
1.2 Prerequisites
ActivID AAA Server is up to date (version 6.7) with LDAP users and groups already configured.
BalaBit Shell Control Box is installed and configured (version SCB3.5.0 or more recent).
2.0 Shell Control Box Configuration
This chapter describes how to configure the BalaBit Shell Control Box (SCB) to work with ActivID AAA. When a user signs into a BalaBit Shell Control Box appliance, the BalaBit appliance forwards the user’s credentials to an authentication server to verify the user’s identity. You will need to create a new RADIUS server instance for the ActivID AAA server in order to validate the user’s one-time password generated by a token.
2.1 Procedure 1: Create New RADIUS Server Instance
When an external RADIUS server is used to authenticate BalaBit users, you must configure the RADIUS server to recognize BalaBit as a client, and you must specify a shared secret for the RADIUS server to use to authenticate client requests.
To configure a connection to the RADIUS server on the BalaBit Shell Control Box (SCB) appliance, perform the following steps.
1. On the main tab of the navigation pane, expand AAA, and then click Settings.
2. Set the Authentication Method field to RADIUS.
3. In the Address field, enter the IP address or the domain name of the RADIUS server.
4. In the Shared secret field, enter the password that SCB can use to access the server (must be the same one as in the Shared Secret field in ActivID AAA).
5. To add more RADIUS servers, click + and repeat steps 2-4.
Note: If a server is unreachable, SCB will try to connect to the next server in the list in failover fashion.
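The shared secret from step 4 is never sent over the network; RADIUS (RFC 2865) mixes it into MD5 computations on both sides. The following added example (not part of the HID or BalaBit documentation; the secrets, one-time password and function names are constructed for illustration) shows why the SCB and ActivID AAA values must be identical: with a mismatch the server recovers a garbled one-time password, and SCB cannot validate the server's reply.

```python
import hashlib
import hmac
import struct

def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Client (SCB) side: RFC 2865 section 5.2 User-Password hiding."""
    size = max(16, (len(password) + 15) // 16 * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server (ActivID AAA) side: undo the hiding with the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def build_response(code: int, ident: int, req_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def response_is_authentic(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the authenticator with the locally configured secret."""
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    return hmac.compare_digest(auth, hashlib.md5(header + req_auth + attrs + secret).digest())

# Constructed sample values, not taken from any real deployment.
REQ_AUTH = bytes(range(16))            # Request Authenticator (random per request in practice)
OTP = b"492817"                        # one-time password typed by the user
SCB_SECRET = b"constructed-secret-A"   # value entered in SCB's Shared secret field
AAA_TYPO = b"constructed-secret-B"     # mistyped value on the ActivID AAA side

if __name__ == "__main__":
    hidden = hide_password(OTP, SCB_SECRET, REQ_AUTH)
    for label, aaa_secret in (("matching", SCB_SECRET), ("mismatched", AAA_TYPO)):
        reply = build_response(2, 1, REQ_AUTH, b"", aaa_secret)  # code 2 = Access-Accept
        print(label, reveal_password(hidden, aaa_secret, REQ_AUTH),
              response_is_authentic(reply, REQ_AUTH, SCB_SECRET))
```

Because the one-time password is protected only by this MD5-based masking, the strength of the shared secret matters; RFC 2865 prefers a secret of at least 16 octets.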