Gatekeeper Admin Tool

The Gatekeeper Admin Tool provides an overview of the installed components and can be used to manage the system wide configuration settings created during installation.

Gatekeeper


The following settings can be configured from the Gatekeeper tab.

Upgrade Gatekeeper Admin Tool

For more information on upgrading to the latest version of Specops Authentication, click here.

Change proxy settings

If your organization is using a forward proxy server to route internet traffic externally, you will need to configure the proxy server to allow the Gatekeeper to reach the internet. Click Edit on the Proxy row and specify the address as a complete URL, including the protocol and any custom port.

NOTE
You can also specify proxy settings for accessing Gatekeepers from the top corner of the Admin Tool.

Update useful links

Click Update to refresh the list of useful links.

Active Directory Settings


The following settings can be configured from the Active Directory Settings tab.

Edit the scope of management

The Active Directory scope determines which users can use the Specops Authentication service.

  1. On the Gatekeeper Admin Tool , click Active Directory Settings.
  2. Find the row where the current Active Directory scope is displayed, and click Edit.
  3. Select the desired Active Directory scope, and click Add. Multiple locations can be selected if you want multiple scopes of management.
  4. Click OK.

Enable password resets in Specops Authentication

You can enable the uReset and Secure Service Desk features in Specops Authentication. For uReset enable end-users to address common tasks related to password management, including forgotten passwords. This feature is locked unless you have uReset as a part of your subscription. For Secure Service Desk this enables the administration of users in Secure Service Desk. This feature is locked unless you have Secure Service Desk as a part of your subscription.

  1. In the Gatekeeper Admin Tool, click Active Directory Settings.
  2. In the Active Directory Settings section, click Change in the Allow password resets row.
  3. Select one of the following options when enabling the password reset feature:
    • Standard Security Mode: All users that are members of the Specops Authentication Service Desk Agents group will be able to reset passwords for other users.
    • Delegated Security Mode: The access control for resetting passwords for other users is based on the actual security configuration (‘reset password’ permission) in Active Directory.
  4. Click OK.

Add/remove members to security groups

You can add additional members to the Admin, User admin, Gatekeepers, and Reporting Readers groups. Users that are members of the Admin group are portal administrator on the Specops Authentication Web . Users that are members of the User Admin group are able to access the user management features on the Specops Authentication Web . Users that are members of the Gatekeepers group have permission to read user information.

  1. On the Gatekeeper Admin Tool , click Active Directory Settings.
  2. Find the security group you want to edit, and click Edit members.
  3. To add a member, click Add member, and enter the name of the user or group you want to add, then click OK.
  4. To remove a member, select a member from the Group members list, and click Remove selected member, then click OK.
  5. Click OK.

Reporting Readers group

Members of the Reporting Readers security group in the Gatekeeper Admin Tool can log in to Specops Authentication Web to view reports. Unless they are also members of other security groups, they will not see any other sections in Specops Authentication Web.

Members in this group will be able to see all reports related to the account. You cannot filter which reports are visible or not.

Specify preferred Domain Controller

By default, Specops Authentication will use the closest available Domain Controller. Click Change to specify the preferred Domain Controller.

Office 365


From the Office 365 tab you can tag the GPOs you want to use with Specops Authentication . Affected users can have their authentication, provisioning, and licensing settings configured from the Specops Authentication Web . Alternatively, if you want Specops Authentication to be applied to the scope selected during the Gatekeeper installation, skip this step, and select Cloud in the last step when configuring Specops Authentication with O365.

  1. On the Gatekeeper Admin Tool , click Office 365.
  2. Click Tag GPOs, select the Group Policy, and click OK.

Update useful links

Click Update to refresh the list of useful links.

Email configuration


If you do not wish to use the default Specops configuration, which uses third-party providers, such as SendGrid, to send email notifications, you can configure your own SMTP provider in this section of the Gatekeeper Admin Tool. For information on editing the default Specops configuration in Specops Authentication Web, please refer to the Specops Authentication Web page.

NOTE
Configuring the SMTP setting in the Gatekeeper Admin Tool will disable any configuration in Specops Authentication Web.

Configuring SMTP settings

SMTP settings can be configured in three ways:

  • Using the Specops Default Configuration (configured in Specops Authentication Web
  • Using SMTP with anonymous access
  • Using SMTP with basic authentication
  1. Click Edit
  2. Select which type of configuration you would like to use from the drop-down (anonymous or basic authentication)
  3. Enter the domain for the SMTP server (required field)
  4. Set the maximum number of concurrent connections the Gatekeeper will use whan sending emails.
    NOTE
    Any time changes are made in this field, all affected Gatekeepers need to be restarted.
    NOTE
    The default for the maximum number of concurrent connections is set to 10. Please consult your SMTP server documentation on how many concurrent connections are allowed.
  5. Enter the SMTP port (default is set to port 25)
  6. Use the dropdown to set whether TLS (Transport-Level Security) is to be used.
    NOTE
    Set this option to Yes if you want to enable encryption for outgoing mail. Note that enabling TLS will automatically set the SMTP port to 587.
    NOTE
    Note that a valid SSL certificate is required to use TLS when sending SMTP mails.
  7. Enter the Sender Email Address (required field) and Sender Display Name
  8. For Basic Authentication only: enter the SMTP username and password
  9. Click OK
  10. Click OK in the success dialog box and restart all Gatekeepers if the Max concurrent connection option was changed.