0

How to Configure the Canary Admin to Require Authentication for Local Admins (version 22)

By default, the Canary Admin allows anonymous access for local users via the 'Net.Pipe' endpoint.

 

If wishing to restrict local admin access, simply uncheck this box. Before doing so, ensure the desired users/groups are on the 'ALLOW' list on the 'Access' screen as once the change is applied, the user will be prompted to authenticate if they are not on the list.

When a local user opens the admin client it will first attempt to authenticate the logged on user using their Windows credentials. If the local user is on the Access list, they will be granted access and not be prompted for a username/password. If the user is not on the list, a screen will appear prompting them for a username/password. Either one of these endpoints can be disabled from the 'Endpoints' tab shown in the first screen shot.

2 replies

null
    • vincent_verruto
    • 2 yrs ago
    • Reported - view

    Can this pair up with SSO (Azure AD) credentials to ensure identification of which users are performing specific actions in the Admin console?  Does it also work for "remote administration" through the Canary Admin "thick client" when connecting to a Canary-hosted cloud setup?

      • smason
      • 1 yr ago
      • Reported - view

      Currently, Axiom is the only application that supports SSO.

      As for connecting remotely to a Canary-hosted system, Canary generates the admin user(s) for clients to use when they connect.