Thank you for choosing WiKID Systems for your two-factor authentication needs! While we recommend reading the complete installation manual to get a full understanding of how the WiKID Authentication System works, we realize that not everyone will read the fine manual.
Before you start, you will need an externally routable IP address, an internally routable IP address (or you can NAT the server), ethernet connections and the associated information (gateway, DNS, etc.)
- If you are using the ISO at the terminal, you will get a prompt. Enter the username root and the password wikid. Set your timezone and change the root password, as prompted.
- Type wikidctl setup (package users may need to use /opt/WiKID/bin/wikidctl setup) and enter the appropriate information. N.B.: when configuring the SSL certificate you will be asked for your first and last name – enter the fully qualified domain name instead! If you have only one WiKID server, enter N when prompted about replication.
- Type 'wikidctl start'
- From a web browser, go to http://(ipaddress or fully qualified domain name)/ WiKIDAdmin/. Enter WiKIDAdmin as the username and 2Factor as the password. Please reset these under Configuration, Manage Administrators.
- Click on the Configuration tab and click on Create an Intermediate CA. Fill in the appropriate information and hit submit. You will see a link to submit the CA for processing to https://ca.wikidsystems.com. Submit you signing request under the evaluation link and you will receive the signed certificate back. Do not lose or forget this passphrase, you will use it to start the WiKID server.
- Copy the certificate to the clipboard and go to the Configuration page and select Install the Intermediate CA. Paste the CA here, enter the password you used in the previous step and submit.
- Return to the Configuration page and select Create a LocalHost Certificate. Fill out the information and create the cert.
- Return to the WiKID server terminal or SSH to the server and type 'wikidctl restart'. Once the server has stopped, type start. When prompted, type the passphrase you created for the Intermediate CA.
- Log back into the WiKIDAdmin web interface. Select the Domains tab and click Create New Domain. Enter a domain name, a device domain name and for the domain identifier enter the zero-padded IP address of the server. Thus, 206.189.30.1 becomes 206189030001.
- Start your WiKID client/token and select New Domain. Enter the domain identifier you created on the server. Enter your desired PIN. You will get a registration code.
- Go back to the WiKIDAdmin web interface. Select the Users tab and select Manually Validate a User. You will see your registration code. Click on it and enter your username.
- Now add network clients - whatever services you are adding two-factor authentication to or your radius server such as freeradius or NPS - on the Network Client page. You will need to restart the wikid service after adding a network client ('wikidctl restart').
Congratulations! You've got two-factor authentication!
If you are unsure about where two-factor fits in your network or how to integrate authorization by your directory (LDAP or Active Directory) with two-factor authentication, please download our eGuide: How to add two-factor authentication to your network.