Integration Setup How to Protect VSA with AuthAnvil
When you access the AuthAnvil Module for the first time in Virtual System Administrator R9.1 or newer, you will notice a configuration wizard. This configuration wizard will allow you to configure the AuthAnvil integration built into VSA.
Note: This integration does not support the use of Push. You will need to use OTP.
Note: This integration requires a working AuthAnvil tenant. If you are not a current AuthAnvil subscriber please contact IAM.firstname.lastname@example.org for more information about signing up.
Initial Setup in VSA
- Log into Virtual System Administrator R9.1 (or newer)
- Select the AuthAnvil Module > Configure AuthAnvil Settings
- Select: I would like to configure Two Factor Auth Only.
- Note: See this article if you would like to add both the logon protection and the Password Server integration.
- Next, enter the SAS URL for your AuthAnvil Server.
Note: Your SAS URL will be https://(Your company).my.authanvil.com/AuthAnvil/SAS.asmx
- Define a whitelisted user that will not require Two Factor Authentication.
- Select Verify Settings.
- Once you see the settings are valid, select Next.
- Now that you have the logon protection configured, you can select Finish to apply the settings.
You should now see the same logon prompt when a user (who is required to use two-factor authentication) logs in.
Note: You will not see the MFA prompt until after you enter your password and select Log On. Note: This requires a login from a user not in the whitelist.
Note: Users will need to enter a four digit pin here as well as the One Time Password.
- For the Pin your users will use Pin: 1111
- The actual Pin requirement was a holdover from the old on-prem configuration. AuthAnvil does not use the Pin; however, it respects the value being submitted.
Configuration using the AuthAnvil Module within VSA
Once logged in, you can manage your user and IP whitelists via the AuthAnvil Module >Two Factor Auth > Configure Kaseya Logon.
In the AuthAnvil Module, you can choose to enable the two-factor login requirement.
Whitelisted users should be entered comma-separated, with no spaces.
Example: fred,john,james to domain.com/fred,domain.com/john,domain.com/james
IP's can be entered as comma-separated with no spaces. IP's will need be entered using CIDR format.
Select Save Settings before logging out.