Files of  Indeed AM MFA Provider reside in: indeed AM\Indeed AM Providers\Indeed AM MFA Provider\

  • Server\<version number>\IndeedAM MFA Provider.msi -  is the installation package of  Indeed AM MFA Provider to Indeed AM server.
  • Client\<version number>\IndeedAM MFA Provider.msi - is the installation package of Indeed AM MFA Provider to client computers.
  • \Misc - folder contains policy templates.

Indeed AM MFA Provider

You can use this provider to set the authentication sequence for multi-factor authentication in the Indeed AM Windows Logon and Indeed Am ESSO Agent. 

Installation 

  1. Please use the Indeed AM MFA Provider.msi file to install the MFA Provider on the Indeed AM server and on your computer.

    If your infrastructure requires multiple Indeed AM servers, make sure to install the provider on all relevant servers. 

  2. You may need to restart the system after installation. If the setup program prompts you to restart the system, click Yes
  3. The product can be removed/restored by using a standard method supported by your operating system (via the Control Panel).

How to set up authentication parameters

Before you begin customization of your group policy, please add the Indeed AM policy templates to the list of administrative templates. Policy templates are a part of the provider's installation package and can be found in the Misc directory. The policy should apply to all Indeed AM servers and all client machines.

  1. Open the Multi-factor Authentication Sequence Settings policy. Use this path to locate the policy: Administrative templates\Indeed-ID\Id Providers\MFA. 
  2. Set the policy value to Enabled
  3. In the Multi-factor Authentication Sequence parameter, add in columnar form the IDs of authentication providers that will be used in the sequence.

    A restricted provider can be used in the MFA provider sequence.

    For example sequence Indeed AM Passcode + Indeed AM SMS OTP:

    {F696F05D-5466-42b4-BF52-21BEE1CB9529}

    {EBB6F3FA-A400-45F4-853A-D517D89AC2A3}

    Supported Provider ID List:

    {EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP

    {F696F05D-5466-42b4-BF52-21BEE1CB9529} - Passcode

    {0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP

    {CF189AF5-01C5-469D-A859-A8F2F41ED153} - Windows Password

    {CB5109DA-B575-422C-8805-524FE12B02F5} - Z2 USB

    {A0EF00AD-1EEB-4D48-8BCF-06E19CD5585F} - Futronic

    {0AF65AD8-DB77-4B64-B489-958D9B36E28C} - Smart card or USB key

    {4B15AF52-A795-4CA6-B7CD-CDB8ABF2D2C2} - HID OMNIKEY

  4. In the Device Name parameter, please specify the name of the new sequence. Default value: MFA.

    This value will be displayed as the user's MFA device name and in the system events list.

Indeed AM MFA Authentication

The Indeed AM Windows Logon component and the provider chain Indeed AM Passcode + Indeed AM SMS OTP are used in this example.

  1. Select the Multi-factor Authentication provider.
  2. Insert details for the first provider in the chain. 
  3. Insert details for the second provider in the chain.
  4. Log into the system.



  • No labels