3.1.7.3. Captive VPN workflows

In the ON Captive menu, open the Captive VPN workflows. We will see the following interface:

../../../_images/captive_vpn_workflows_menu.png


To create a new Captive VPN workflow, click on the Add new button to open the corresponding window. Execute the following configurations on the different tabs to set a Captive VPN workflow:

3.1.7.3.1. General

In the General tab, we can find the following fields:

../../../_images/captive_vpn_workflows_add_new.png


  • Name: Name of the captive VPN workflow.

  • Description: Description of the captive VPN workflow.

  • Compliance tag: Tag that will define the compliance of the captive VPN workflow.

  • Allow execution without installable agent (Linux only): Enable this flag to allow the execution of this flow when there is no Agent installed. Only for Linux operating systems.

  • VPNGW farm: Select a VPNGW farm to assign this workflow to.

  • Display workflow on main page: Enable this flag to display the workflow and make it available on the main page.

3.1.7.3.2. Identification

In the Identification tab, we can find different modules.

../../../_images/captive_vpn_workflows_add_new_identification.png


The first module is called Service provider (SP) and includes the following fields:

  • Authentication source name: SP name.

  • Entity ID of the service provider (SP): URL of the SP. In this case, the core acts as an SP, that is why the entity ID is the core domain.

  • Entity ID of the IdP that the SP should contact: URL of the IDP that will contact the SP.

The second module is called Remote IDP and includes the following field:

../../../_images/captive_vpn_workflows_add_new_identification_remoteidp.png


  • Metadata: Metadata of the IDP. The metadata you should enter here can be found in the IDP.

The third module is called Federation (SP metadata) and we can find the link to get access to our SP metadata. We will only need to replace the captive_portal_ip_or_domain variable with the correct one when browsing the metadata.

../../../_images/captive_vpn_workflows_add_new_identification_federation.png


Finally, the fourth module is called User attributes and includes the following fields:

  • User name attribute: Attribute that will return a user specific username.

  • E-mail attribute: Attribute that will return a user specific email.

  • User groups attribute: Attribute that will return a user specific groups.

  • Additional attributes: Permits to add new attributes with the specific item we want to get.

3.1.7.3.3. Notification

There is a single field in the Notification tab:

../../../_images/captive_vpn_workflows_add_new_notification.png


  • Notification Type: We can configure it to not receive notifications, or to receive them in the email.

3.1.7.3.4. Views

There are four configurations for the Views tab: agent, authorize, index and quarantine. They are configured by default, but allows customization.

../../../_images/captive_vpn_workflows_add_new_views.png