Introduction
Welcome to the getting started guide for LogonBox. This guide will help you:
Server Side:
- Deploy LogonBox VM on VMware ESXi 6.x
- Configure the LogonBox VMCentre
- Set up LogonBox
- Set up Active Directory
- Configure default HTTPS certificate
- Configure two-factor authentication
- Set up an SMTP server to send emails
- Configure messages
User Side:
- Configure user profile
- Reset your password
To learn more about LogonBox, see LogonBox Website and What is LogonBox?.
Step 1 - Deploy LogonBox VM on VMware ESXi 6.x
This guide helps you deploy the LogonBox VM on VMware ESXi 6.x. To learn how to deploy LogonBox on other hypervisors and platforms, see Installing LogonBox.
Install the LogonBox VM
1. Log in to your VMware ESXi server.
2. Select Virtual Machines from the Navigator menu.
3. Click Create/Register VM.
4. Select Deploy a Virtual Machine from an OVF or OVA file on the new virtual machine window and click Next.
5. Enter a name for the LogonBox VM.
6. Click the specified area to upload or drag and drop the OVF and VMDK files. Ensure you have unzipped the downloaded LogonBox zip file.
7. Click Next.
8. Select the storage and click Next.
9. Select the deployment options and click Next.
10. Review the configuration and click Finish.
Wait for the installation to complete.
You have successfully deployed the LogonBox VM on VMware ESXi 6.x.
Note: To learn how to deploy LogonBox on other hypervisors and platforms, see Installing LogonBox.
Step 2 - Configure the LogonBox VMCentre
1. Select the recently installed LogonBox VM. Click Power On if the VM is powered off.
2. Open the LogonBox VM's browser console.
3. Enter a New Password and confirm it.
4. Select the Keymap and the Language.
5. Click Set.
6. On the Login window, note down the IP address. You will use this IP address to access LogonBox in your web browser.
7. Enter the recently set password and click Login.
Configure LogonBox Networking
Note: This is an optional step. LogonBox automatically configures an IPv4 address using DHCP. You can use the existing IPv4 address to access LogonBox.
1. Click the Network Configuration icon from the left.
2. Enter a new DNS Server Address and a new Domain Search.
3. Enter a Hostname.
4. Uncheck the Use DHCP option.
5. Enter the Address, Gateway, Broadcast, and Netmask.
6. Click Save.
7. Click Apply to confirm.
8. Reboot the system. LogonBox VMCentre changes the network settings.
9. Enter the IP address in your web browser to access LogonBox. For example, https://192.168.111.89.
You have successfully configured the LogonBox VMCentre.
Step 3 - Set Up LogonBox
1. Once you access LogonBox in your web browser, LogonBox opens the Setup Wizard.
2. Go through the license agreement, accept the terms, and click Next.
3. Enter the Username for the administrative account.
4. Enter a Password and confirm it.
5. Click Next.
6. On the Configure External Access step, click Next. See the Configuring Proxy Server guide below if you require LogonBox to connect to your product via a proxy server.
7. Enter your registration details - Your Name, the Company Name, and your Email, and click Next.
8. On the Download/Install Components step, click Next.
9. Select the schemes to which 2-factor authentication will apply.
10. Select two or more secondary factor authentication modules for the selected schemes and click Next. You can also change the modules later from the admin homepage. LogonBox provides numerous secondary factor authentication modules (see Step 6 - Configure Two-factor Authentication).
This guide uses LogonBox Authenticator as one of the authentication modules.
11. Enter the number of Minimum Factors the users will require to authenticate the selected schemes.
12. Click Next.
13. The setup is complete. Click Restart to apply the configuration.
14. Once LogonBox restarts, you land on the account management page. Click Administration to go to the admin login page.
15. Enter your Username and Password and click Next.
Configure Proxy Server
Note: This is an optional step. If you require LogonBox to connect to your product via a proxy server:
1. On the Configure External Access page, select the I need to configure the proxy settings to allow access to the update server option.
2. Select the Proxy Type.
3. Enter the Proxy Host and the Proxy Port.
4. Click Next.
You have completed the LogonBox setup.
Step 4 - Set Up Active Directory
Once you've installed LogonBox, you can connect LogonBox to your Active Directory (AD).
Note: LogonBox communicates with your Active Directory using SSL, ensuring all passwords and actions are secured. If you haven't set up SSL, see Enable SSL on Active Directory.
1. Click the Administration drop-down from the left menu and select User Directory.
2. Click Configure User Database from the top left of the page.
3. Enter the Realm Name.
4. Set the Realm Type to Active Directory.
5. Enter the Hostname - your domain controller's fully qualified hostname.
6. Enter the Domain - your Active Directory's fully qualified domain name.
7. Enter the Service Username and the Service Password - the account associated with these credentials connects to the AD to get the user/group lists.
Note: Ensure this account is either an AD administrator or has rights to edit user objects such that LogonBox can create new AD accounts. See Delegating Permissions to an AD Service Account to learn more.
8. Click Update.
9. LogonBox starts synchronizing with your AD. Click the Refresh icon after a couple of minutes to view the AD users that have synced.
Note:
- If you are using LogonBox SSPR's SaaS service or a cloud instance, you must install a secure node agent connection in your network. The secure node agent provides a dedicated, zero firewall callback service to LogonBox's cloud service allowing your cloud tenant and on-premise AD to communicate securely. See Installing a Secure Node Agent to learn more about installing a secure node agent.
- Additionally, LogonBox provides options like filtering users by OU and groups and other advanced configuration options like using a custom protocol, backing up controllers, follow referrals, etc. See Connecting to an Active Directory to learn more.
You have successfully set up the Active Directory.
Step 5 - Configure Default HTTPS Certificate
Note:
- You must add a trusted certificate to your LogonBox server to prevent any certificate errors that your browser might display. This is also required if you use LogonBox Authenticator as one of the authentication modules in Step 3.
- We recommend you install a trusted certificate before making your LogonBox server live (you can skip this step if you want to test the server without adding the trusted certificate).
This guide will use a Let's Encrypt certificate. However, LogonBox allows you to upload your certificate. To learn more, see Certificates.
Prerequisites
- Ensure the Let's Encrypt feature is installed in your LogonBox. Go to Updates, Features & Licensing from the top right of the page and search for Lets Encrypt on the Installed tab. If it's not listed, go to the Security tab and download it.
- Ensure your LogonBox server is accessible over port 80. Let's Encrypt servers connect to the LogonBox server over this port to validate the certificate request.
- Ensure you have a public DNS hostname that resolves to the IP address of your LogonBox server.
Create Let's Encrypt SSL Certificate
1. Click the Administration drop-down from the left menu and select Certificates.
2. Click Create Certificate.
3. Enter a Name.
4. Select a Certificate Type. It is set to RSA (2048 bits) by default.
5. Set Lets Encrypt as the Certificate Provider.
6. Click the Certificate tab.
7. Enter the CN - your certificate's common name. The CN should be a fully qualified hostname the users will use to access LogonBox.
8. Enter the OU - the organizational unit that owns this certificate.
9. Enter the Organization that owns this certificate.
10. Enter the owner's City, State, and Country.
11. Click Create. The newly created certificate is added to the certificate list.
Configure LogonBox to use the Let's Encrypt Certificate
1. Click the System Configuration icon from the top right of the page.
2. Select Interfaces.
3. Find the Default HTTPS interface and click the Edit icon.
4. Click the Protocol tab.
5. Select the recently created certificate from the Certificate drop-down.
6. Click Update.
7. Once updated, click the Power Options icon from the bottom right of the page.
8. Click Restart.
9. Once the LogonBox server restarts, refresh the page one more time.
The LogonBox server reloads with the new HTTPS certificate, and your browser indicates the connection is secure.
You have successfully created a Let's Encrypt SSL certificate and configured LogonBox to use it.
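The following Python check is an added example, not part of LogonBox or its documentation. It tests this step's prerequisites (public DNS name, port 80) and then confirms that the Default HTTPS interface serves a certificate a client trusts. The hostname logonbox.example.com is a placeholder and the sample certificate is constructed.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# Hostname and dates are placeholders, not values from a real server.
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
    "notAfter": "Jun 15 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "logonbox.example.com"),),
}

def resolves_to(hostname, expected_ip, resolver=socket.getaddrinfo):
    """Prerequisite: the public DNS name resolves to the LogonBox server's IP."""
    return expected_ip in {info[4][0] for info in resolver(hostname, None)}

def port_open(host, port, timeout=5.0):
    """Prerequisite: port 80 reachable. Run from outside your network,
    since the validation request arrives from the internet."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def fetch_cert(hostname, port=443, timeout=5.0):
    """TLS handshake with chain and hostname verification enabled. Raises
    ssl.SSLCertVerificationError if the served certificate is untrusted or
    does not cover `hostname` (what a browser reports as a certificate error)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

def summarize_cert(cert, now=None, warn_days=30):
    """Issuer, covered DNS names and days until expiry of a verified cert."""
    now = now or datetime.now(timezone.utc)
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    return {"issuer_org": issuer.get("organizationName"),
            "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
            "days_left": days_left,
            "renew_soon": days_left < warn_days}

if __name__ == "__main__":
    # Usage: python check_cert.py <public-hostname> <server-ip>
    host, ip = sys.argv[1], sys.argv[2]
    print("DNS ok:", resolves_to(host, ip))
    print("port 80 open:", port_open(host, 80))
    print(summarize_cert(fetch_cert(host)))
```

If fetch_cert raises a verification error after the restart, the interface is still serving the previous certificate or the name you connected with does not match the CN entered in the Certificate tab.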
Step 6 - Configure Two-factor Authentication
Note: This is an optional step. Skip this step if you have configured two-factor authentication while setting up LogonBox (See Step 3 - Set Up LogonBox). Follow these steps to configure two-factor authentication from the admin homepage:
1. On the administrative landing page, click Configure two-factor authentication from the Configuration Links.
2. Select two or more secondary factor authentication modules you want your users to use and click Next. This guide uses LogonBox Authenticator as one of the authentication modules.
3. Select the schemes to which the 2-factor authentication will apply and click Save.
You have successfully configured two-factor authentication for the LogonBox users.
Step 7 - Set Up an SMTP Server to Send Emails
By default, LogonBox uses a generic SMTP server to send messages and emails from your LogonBox server. If you want to change the default settings and use your SMTP server, follow the steps below:
Configure SMTP
1. Click the Business Rules drop-down from the left menu and select Messages.
2. Select the Settings tab.
3. Enter your SMTP server's Hostname and the Port.
4. Select your server's Protocol.
5. Enter the Username and Password of the account that sends messages to the users.
6. Enter the From Address and the From Name. From Address is the email address from which the emails are sent. From Name is the default name associated with From Address.
7. Enter the Reply Address and the Reply Name. Reply Address is the Reply-To address for the sent emails. Reply Name is the Reply-to name for the sent emails.
8. Set the Do not send to no-reply address option to ON.
9. Enter the period for Session Timeout in seconds.
10. Click Apply.
Configure Connections
1. Click the Connections tab.
2. Enter the Pool Size - the connection pool's core size. The SMTP connection pool keeps the specified connections open until shut down.
3. Enter the Max Pool Size - the number of connections that can be open at a server at any given time.
4. Enter the Pool Expiry period and the Pool Wait Time in milliseconds.
5. Click Apply.
Configure Email
1. Click the Email tab from the right.
2. Select a Tracking Image if required. This maintains the integrity of the sent emails.
3. Enter an Archive Address for the emails if required.
4. Enter the Server Name that's used for the messaging templates if required.
5. Enter the External Host if required. It's the hostname of your LogonBox server. LogonBox uses this hostname for all the links in the emails sent out to users.
6. Enter the Blocked Addresses if required.
7. Click Apply.
You have successfully set up an SMTP server to send emails. You can start sending different reminders to your users from Business Rules >> Messages.
Step 8 - Configure Messages
LogonBox uses message templates to send relevant emails to the users. These emails include notifications for expired certificates, linked accounts, new accounts, password reset, password reminders, and more. You can customize, test, and delete the message templates from the Message Templates page.
Once you set up the SMTP server, click the Business Rules drop-down from the left menu and select Messages.
This guide will configure message templates for:
- Profile Reminder - Reminds the users to complete their profile so that they can access all LogonBox features, including resetting their passwords.
- Password Reset - Reminds the users to reset their passwords.
Configure the Profile Reminder Message
1. Find the Profile Reminder template.
2. Click the Edit icon from the rightmost column.
3. Set the Send At time for the users to receive the reminder.
4. Click the Plain tab. You can update the name, subject, and body of the message from this page.
7. Enter the message's Subject and Body.
Note:
- You can replace the variables in between ${ and } in the message body by clicking the ${} button. We recommend you do not change the ${c} variable.
- If you want to use the HTML templates, click the HTML tab, select an HTML template, and enter a message body.
8. Click the Options tab.
9. Set the Enabled option to ON.
10. Set the Archive option to ON if you want to archive the duplicate messages.
11. Set the Track option to ON if you want to track the message.
12. Click the Add icon to add Attachments to the message.
13. Click the Delivery tab.
14. Select the recipient email addresses from the Deliver To drop-down. The Deliver To options are:
- PRIMARY - Email addresses from the user directory
- ALL - All of the users' email addresses that LogonBox possesses
- ONLY_ADDITIONAL - Only the email addresses listed below
- SECONDARY - An extra email list that you can add from the User Directory page
You can add Additional Recipients if a user is not in the selected group.
15. Enter a Reply-To Name and a Reply-To Email if you want to override the Reply-To name and Reply-To email set while configuring SMTP.
16. Click Save. The Enabled status for Profile Reminder should be Yes.
LogonBox sends the profile reminder message at the configured time. If you want to test the message, click the Send Test Email icon from the rightmost column, enter an Email Address, and click Send.
Configure the Password Expiring Message
1. Find the Password Expiring template.
2. Click the Edit icon from the rightmost column.
3. Enter the Warn Days. LogonBox reminds the recipients on the specified days before the password expiry. You can enter multiple warn days.
4. Set the Send At time for the users to receive the reminder.
5. Set the Synchronize option to ON if you want to synchronize the users' information from the remote directory before checking the password expiry dates.
6. Click the Plain tab.
7. Enter the message's Subject and Body.
Note:
- You can replace the variables in between ${ and } in the message body by clicking the ${} button. We recommend you do not change the ${c} variable.
- If you want to use the HTML templates, click the HTML tab, select an HTML template, and enter a message body.
8. Click the Options tab.
9. Set the Enabled option to ON.
10. Set the Archive option to ON if you want to archive the duplicate messages.
11. Set the Track option to ON if you want to track the message.
12. Click the Add icon to add Attachments to the message.
13. Click the Delivery tab.
14. Select the recipient email addresses from the Deliver To drop-down. The Deliver To options are:
- PRIMARY - Email addresses from the user directory
- ALL - All of the users' email addresses that LogonBox possesses
- ONLY_ADDITIONAL - Only the email addresses listed below
- SECONDARY - An extra email list that you can add from the User Directory page
You can add Additional Recipients if a user is not in the selected group.
15. Enter a Reply-To Name and a Reply-To Email if you want to override the Reply-To name and Reply-To email set while configuring SMTP.
16. Click Save. The Enabled status for Password Expiring should be Yes.
LogonBox sends the password expiring reminder on the configured days and times. If you want to test the message, click the Send Test Email icon from the rightmost column, enter an Email Address, and click Send.
You have successfully configured profile reminder and password expiring messages. This completes the server-side setup. Users can now set up their profiles and start using LogonBox and explore its features.
IMPORTANT: Forward port 443 from your external network to the LogonBox server's IP, or use a proxy/load balancer to forward traffic from your external IP to make LogonBox externally accessible. Here are some helpful guides:
https://www.noip.com/support/knowledgebase/general-port-forwarding-guide/
https://www.hellotech.com/guide/for/how-to-port-forward
(These are external guides to help you understand port forwarding. Do not fully rely on these guides for port forwarding.)
Step 9 - Configure User Profile
This step helps you (users) configure your profile and start using LogonBox.
Note:
- This step is for regular users.
- LogonBox requires a first-time user to use the authentication modules selected in Step 3 to configure their profile. This guide will use the LogonBox authenticator and security questions to configure the user profile. See Step 3 - Set Up LogonBox to learn more.
- Once you (user) configure your profile, you can securely use the selected authentication modules to change your password.
Prerequisite:
Download the LogonBox app from the Play Store (Android) or the App Store (iPhone).
1. Access the LogonBox server and click My Account.
2. Enter your Username and Password and click Next.
3. Select LogonBox Authenticator as the authentication module and click Next. LogonBox displays a QR code on the page.
4. Open the LogonBox app on your phone and select Scan QR.
5. Scan the QR code. The LogonBox app lists the server along with the associated username.
6. Go back to the LogonBox server and click Next. LogonBox immediately prompts an authorization request in your LogonBox app.
7. In the LogonBox app, select Authorize.
8. Follow the security prompts on your phone to authorize the LogonBox server. Your LogonBox authenticator profile is now complete.
You can now use this profile in the LogonBox app to reset your password.
9. Go back to the LogonBox server and finish your profile setup. You have to configure any additional authentication module assigned to you. This guide uses security questions as the additional authentication module.
10. Select a question from the drop-down.
11. Enter and re-enter your answer in the boxes below.
12. Click Next.
13. Set up four more security questions and answers and click Next. LogonBox redirects you to your home page.
You can go to My Credentials and view your current LogonBox Authenticator devices.
You have successfully configured your user profile.
Step 10 - Reset Your Password
Once you configure your profile, you can reset your password. If you have used the same authentication schemes for My Account and Unlock Account, you can log in to these spaces without further configuration.
1. Go to your LogonBox server's login page.
2. Select Reset Password.
3. Enter your Username and click Next. LogonBox prompts you to verify your identity.
4. On your phone, open the LogonBox Authenticator application and authorize the request. Once the authorization is complete, LogonBox redirects you to the password reset page.
5. Enter a new password, confirm it, and click Change Password. Ensure your new password follows LogonBox's Default Domain Policy.
6. Click Continue.
You have successfully changed your password. You can now log in to LogonBox using the new password.