How to Set Up HailBytes VPN Authentication

Introduction

Now that you have HailBytes VPN set up and configured, you can begin exploring some of the security features HailBytes offers. You can check our blog for setup instructions and features for the VPN. In this article, we will cover the authentication methods supported by HailBytes VPN and how to add an authentication method.

Overview

HailBytes VPN offers several authentication methods besides traditional local authentication. To reduce security risks, we recommend disabling local authentication. Instead, we recommend multi-factor authentication (MFA), OpenID Connect, or SAML 2.0.

  • MFA adds an additional layer of security on top of local authentication. HailBytes VPN includes local built-in versions as well as support for external MFA for many popular identity providers like Okta, Azure AD, and Onelogin.

  • OpenID Connect is an identity layer built on the OAuth 2.0 protocol. It provides a secure and standardized way to authenticate and obtain user information from an identity provider without having to log in multiple times.

  • SAML 2.0 is an XML-based open standard for exchanging authentication and authorization information between parties. It allows users to authenticate once with an identity provider without having to re-authenticate to access different applications.

OpenID Connect with Azure Set Up

In this section, we will briefly go over how to integrate your identity provider using OIDC Multi-Factor Authentication. This guide is geared towards using Azure Active Directory. Different identity providers may have uncommon configurations and other issues.

  • We recommend you use one of the providers that has been fully supported and tested: Azure Active Directory, Okta, Onelogin, Keycloak, Auth0, and Google Workspace.
  • If you are not using a recommended OIDC provider, the following configurations are required.

          a) discovery_document_uri: The OpenID Connect provider configuration URI, which returns a JSON document used to construct subsequent requests to this OIDC provider. Some providers refer to this as the “well-known URL”.

          b) client_id: The client ID of the application.

          c) client_secret: The client secret of the application.

          d) redirect_uri: Instructs the OIDC provider where to redirect after authentication. This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, e.g. https://firezone.example.com/auth/oidc/google/callback/.

          e) response_type: Set to code.

          f) scope: The OIDC scopes to obtain from your OIDC provider. At a minimum, Firezone requires the openid and email scopes.

          g) label: The button label text displayed on the Firezone portal login page.

  • Navigate to the Azure Active Directory page on the Azure portal. Select the App registrations link under the Manage menu, click New Registration, and register after entering the following:

          a) Name: Firezone

          b) Supported account types: (Default Directory only - Single tenant)

          c) Redirect URI: This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, e.g. https://firezone.example.com/auth/oidc/azure/callback/.

  • After registering, open the details view of the application and copy the Application (client) ID. This will be the client_id value.
  • Open the endpoints menu to retrieve the OpenID Connect metadata document. This will be the discovery_document_uri value.

  • Select the Certificates & secrets link under the Manage menu and create a new client secret. Copy the client secret. This will be the client_secret value.

  • Select the API permissions link under the Manage menu, click Add a permission, and select Microsoft Graph. Add email, openid, offline_access and profile to the required permissions.

  • Navigate to the /settings/security page in the admin portal, click “Add OpenID Connect Provider” and enter the details you obtained in the steps above.

  • Enable or disable the Auto create users option to automatically create an unprivileged user when signing in via this authentication mechanism.

 

Congratulations! You should see a Sign In with Azure button on your sign-in page.
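
A pre-flight check for the provider settings listed above, as an added example that is not part of the original guide or of the product's code: it verifies the required keys, the `code` response type, the minimum scopes, the callback path under EXTERNAL_URL, and cross-checks the values against a discovery document. The function name, the sample values, the space-separated scope string and the rule that exactly one path segment sits between `/auth/oidc/` and `/callback/` (as in the example URLs) are assumptions.

```python
from urllib.parse import urlparse

REQUIRED_KEYS = ("discovery_document_uri", "client_id", "client_secret",
                 "redirect_uri", "response_type", "scope", "label")
MIN_SCOPES = {"openid", "email"}  # minimum scopes named in the guide

def check_oidc_settings(cfg, external_url, discovery_doc):
    """Return a list of problems; an empty list means the settings agree."""
    problems = [f"missing {k}" for k in REQUIRED_KEYS if not cfg.get(k)]
    if problems:
        return problems
    if cfg["response_type"] != "code":
        problems.append("response_type must be code")
    scopes = set(cfg["scope"].split())  # assumption: space-separated string
    if MIN_SCOPES - scopes:
        problems.append("scope lacks " + ", ".join(sorted(MIN_SCOPES - scopes)))
    # redirect_uri must be EXTERNAL_URL + /auth/oidc/<one segment>/callback/
    base, tail = external_url.rstrip("/") + "/auth/oidc/", "/callback/"
    uri = cfg["redirect_uri"]
    key = uri[len(base):-len(tail)] if uri.startswith(base) and uri.endswith(tail) else ""
    if not key or "/" in key:
        problems.append("redirect_uri does not match EXTERNAL_URL callback path")
    for name in ("redirect_uri", "discovery_document_uri"):
        if urlparse(cfg[name]).scheme != "https":
            problems.append(f"{name} is not https")
    # Cross-check against what the provider's discovery document advertises.
    if "code" not in discovery_doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type code")
    advertised = discovery_doc.get("scopes_supported")  # optional field
    if advertised is not None and scopes - set(advertised):
        problems.append("provider does not advertise "
                        + ", ".join(sorted(scopes - set(advertised))))
    return problems

# Constructed sample values: placeholders, not a real tenant or credentials.
EXTERNAL_URL = "https://firezone.example.com"
SAMPLE_CFG = {
    "discovery_document_uri": "https://login.example.com/TENANT-PLACEHOLDER/v2.0/.well-known/openid-configuration",
    "client_id": "CLIENT-ID-PLACEHOLDER",
    "client_secret": "CLIENT-SECRET-PLACEHOLDER",
    "redirect_uri": "https://firezone.example.com/auth/oidc/azure/callback/",
    "response_type": "code",
    "scope": "openid email profile offline_access",
    "label": "Azure",
}
SAMPLE_DISCOVERY = {  # constructed excerpt of a discovery document
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}
print(check_oidc_settings(SAMPLE_CFG, EXTERNAL_URL, SAMPLE_DISCOVERY) or "settings are consistent")
```

In practice, pass the parsed JSON fetched from discovery_document_uri as `discovery_doc`, and the same redirect URI that was registered in the Azure app registration.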

Conclusion

HailBytes VPN offers a variety of authentication methods, including multi-factor authentication, OpenID Connect, and SAML 2.0. By integrating OpenID Connect with Azure Active Directory as demonstrated in this article, your workforce can conveniently and securely access your resources on the Cloud or AWS.