Files of  Axidian AM MFA Provider reside in: axidian AM\Axidian AM Providers\Axidian AM MFA Provider\

  • Server\<version number>\AxidianAM MFA Provider.msi -  is the installation package of  Axidian AM MFA Provider to Axidian AM server.
  • Client\<version number>\AxidianAM MFA Provider.msi - is the installation package of Axidian AM MFA Provider to client computers.
  • \Misc - folder contains policy templates.

Axidian AM MFA Provider

You can use this provider to set the authentication sequence for multi-factor authentication in the Axidian AM Windows Logon and Axidian Am ESSO Agent. 

Installation 

  1. Please use the Axidian AM MFA Provider.msi file to install the MFA Provider on the Axidian AM server and on your computer.

    If your infrastructure requires multiple Axidian AM servers, make sure to install the provider on all relevant servers. 

  2. You may need to restart the system after installation. If the setup program prompts you to restart the system, click Yes
  3. The product can be removed/restored by using a standard method supported by your operating system (via the Control Panel).

How to set up authentication parameters

Before you begin customization of your group policy, please add the Axidian AM policy templates to the list of administrative templates. Policy templates are a part of the provider's installation package and can be found in the Misc directory. The policy should apply to all Axidian AM servers and all client machines.

  1. Open the Multi-factor Authentication Sequence Settings policy. Use this path to locate the policy: Administrative templates\Axidian-ID\Id Providers\MFA. 
  2. Set the policy value to Enabled

  3. In the Multi-factor Authentication Sequence parameter, add in columnar form the IDs of authentication providers that will be used in the sequence.

    A restricted provider can be used in the MFA provider sequence.

    For example sequence Axidian AM Passcode + Axidian AM SMS OTP:

    {F696F05D-5466-42b4-BF52-21BEE1CB9529}

    {EBB6F3FA-A400-45F4-853A-D517D89AC2A3}

    Supported Provider ID List:

    {EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP

    {F696F05D-5466-42b4-BF52-21BEE1CB9529} - Passcode

    {0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP

    {CF189AF5-01C5-469D-A859-A8F2F41ED153} - Windows Password

    {CB5109DA-B575-422C-8805-524FE12B02F5} - Z2 USB

    {A0EF00AD-1EEB-4D48-8BCF-06E19CD5585F} - Futronic

    {0AF65AD8-DB77-4B64-B489-958D9B36E28C} - Smart card or USB key

    {4B15AF52-A795-4CA6-B7CD-CDB8ABF2D2C2} - HID OMNIKEY

  4. In the Device Name parameter, please specify the name of the new sequence. Default value: MFA.

    This value will be displayed as the user's MFA device name and in the system events list.

Axidian AM MFA Authentication

The Axidian AM Windows Logon component and the provider chain Axidian AM Passcode + Axidian AM SMS OTP are used in this example.

  1. Select the Multi-factor Authentication provider.
  2. Insert details for the first provider in the chain. 
  3. Insert details for the second provider in the chain.
  4. Log into the system.



  • No labels