How to Set Up HailBytes VPN Authentication

Introduction

Now that you have HailBytes VPN set up and configured, you can begin exploring some of the security features HailBytes has to offer. You can check our blog for setup instructions and features for the VPN. In this article, we will cover the authentication methods that HailBytes VPN supports and how to add an authentication method.

Overview

HailBytes VPN offers several authentication methods besides traditional local authentication. To reduce security risk, we recommend disabling local authentication. Instead, we recommend multi-factor authentication (MFA), OpenID Connect, or SAML 2.0.

  • MFA adds an additional layer of security on top of local authentication. HailBytes VPN includes a local built-in version as well as support for external MFA for many popular identity providers such as Okta, Azure AD, and Onelogin.

  • OpenID Connect is an identity layer built on the OAuth 2.0 protocol. It provides a secure and standardized way to authenticate and obtain user information from an identity provider without having to log in multiple times.

  • SAML 2.0 is an XML-based open standard for exchanging authentication and authorization information between parties. It allows users to authenticate once with an identity provider without having to re-authenticate to access different applications.

OpenID Connect with Azure Setup

In this section, we will briefly go over how to integrate your identity provider using OIDC Multi-Factor Authentication. This guide is geared towards using Azure Active Directory. Different identity providers may have uncommon configurations and other issues.

  • We recommend you use one of the providers that has been fully supported and tested: Azure Active Directory, Okta, Onelogin, Keycloak, Auth0, and Google Workspace.
  • If you are not using a recommended OIDC provider, the following configurations are required.

           a) discovery_document_uri: The OpenID Connect provider configuration URI, which returns a JSON document used to construct subsequent requests to this OIDC provider. Some providers refer to this as the "well-known URL".

          b) client_id: The client ID of the application.

          c) client_secret: The client secret of the application.

          d) redirect_uri: Tells the OIDC provider where to redirect after authentication. This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, e.g. https://firezone.example.com/auth/oidc/google/callback/.

          e) response_type: Set to code.

          f) scope: OIDC scopes to obtain from your OIDC provider. At a minimum, Firezone requires the openid and email scopes.

          g) label: The button label text displayed on the Firezone portal login page.

  • Navigate to the Azure Active Directory page in the Azure portal. Select the App registrations link under the Manage menu, click New Registration, and register after entering the following:

          a) Name: Firezone

          b) Supported account types: (Default Directory only - Single tenant)

          c) Redirect URI: This should be your Firezone EXTERNAL_URL + /auth/oidc/ /callback/, e.g. https://firezone.example.com/auth/oidc/azure/callback/.

  • After registering, open the details view of the application and copy the Application (client) ID. This will be the client_id value.
  • Open the endpoints menu to retrieve the OpenID Connect metadata document. This will be the discovery_document_uri value.

  • Select the Certificates & secrets link under the Manage menu and create a new client secret. Copy the client secret. This will be the client_secret value.

  • Select the API permissions link under the Manage menu, click Add a permission, and select Microsoft Graph. Add email, openid, offline_access and profile to the required permissions.

  • Navigate to the /settings/security page in the admin portal, click "Add OpenID Connect Provider" and enter the details you obtained in the steps above.

  • Enable or disable the Auto create users option to automatically create an unprivileged user when signing in via this authentication mechanism.

 

Congratulations! You should see a Sign In with Azure button on your sign-in page.
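
The values collected in the steps above can be checked for consistency before they are entered in the admin portal. The following Python check is an added example, not HailBytes or Firezone code; the function name, the `provider_segment` parameter (the path part between /auth/oidc/ and /callback/), the space-separated scope string and all sample values are assumptions.

```python
from urllib.parse import urlparse

REQUIRED_KEYS = ("discovery_document_uri", "client_id", "client_secret",
                 "redirect_uri", "response_type", "scope", "label")
MIN_SCOPES = {"openid", "email"}  # minimum scopes the guide says Firezone requires


def check_oidc_settings(cfg, external_url, provider_segment, discovery_doc):
    """Return a list of problems; an empty list means the values are consistent.

    provider_segment is the path part between /auth/oidc/ and /callback/
    ("azure" or "google" in the guide's examples); the name is an assumption.
    """
    problems = [f"missing {k}" for k in REQUIRED_KEYS if not cfg.get(k)]

    # A discovery document fetched over plain HTTP could be altered in transit.
    if urlparse(cfg.get("discovery_document_uri", "")).scheme != "https":
        problems.append("discovery_document_uri must use https")

    # Compare against the pattern in the guide: EXTERNAL_URL + callback path.
    expected = f"{external_url.rstrip('/')}/auth/oidc/{provider_segment}/callback/"
    if cfg.get("redirect_uri") != expected:
        problems.append(f"redirect_uri should be {expected}")

    if cfg.get("response_type") != "code":
        problems.append("response_type must be code")

    scopes = set(cfg.get("scope", "").split())  # assumes space-separated scopes
    if MIN_SCOPES - scopes:
        problems.append("scope lacks " + " ".join(sorted(MIN_SCOPES - scopes)))

    # Cross-check against what the provider advertises in its discovery document.
    if "code" not in discovery_doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type code")
    advertised = set(discovery_doc.get("scopes_supported", []))
    if advertised and scopes - advertised:
        problems.append("provider does not advertise " + " ".join(sorted(scopes - advertised)))
    return problems


# Constructed sample values, not real tenant data.
SAMPLE_DOC = {"response_types_supported": ["code", "id_token"],
              "scopes_supported": ["openid", "email", "profile", "offline_access"]}
SAMPLE_CFG = {
    "discovery_document_uri": "https://idp.example.com/.well-known/openid-configuration",
    "client_id": "00000000-0000-0000-0000-000000000000", "client_secret": "placeholder",
    "redirect_uri": "https://firezone.example.com/auth/oidc/azure/callback/",
    "response_type": "code", "scope": "openid email profile offline_access", "label": "Azure"}
```

Calling `check_oidc_settings(SAMPLE_CFG, "https://firezone.example.com", "azure", SAMPLE_DOC)` returns an empty list; each mismatch is reported as one string.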

Conclusion

HailBytes VPN offers a variety of authentication methods, including multi-factor authentication, OpenID Connect, and SAML 2.0. By integrating OpenID Connect with Azure Active Directory as shown in this article, your workforce can conveniently and securely access your resources on the cloud or AWS.