Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
The latter implements a provider of multi-factor authentication for Microsoft ADFS server, thus adding the second factor to the access gaining process.
Info |
---|
Files of Indeed AM ADFS Extension reside in: indeed AM\Indeed AM ADFS Extension\<Version number>\
|
Installation and configuration of ADFS Extension
- Install Indeed ADFS Extension by running IndeedAM.ADFS.Extension-x64.msi installer.
Create a configuration file named MFAAdapter.json with the following parameters.
Info id parameter of ModeId have different provider ID
{EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP
{093F612B-727E-44E7-9C95-095F07CBB94B} - EMAIL OTP
{F696F05D-5466-42b4-BF52-21BEE1CB9529} - Passcode
{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP
{AD3FBA95-AE99-4773-93A3-6530A29C7556} - HOTP Provider
{CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05} - TOTP Provider
{DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68} - AirKeyProvider
Code Block language js title Example { "ServerType":"eaNet", "EANetServerURL":"http://YourDomainName/easerver/", "ModeId":"{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}", "LSEventCacheDirectory": "C:\\EventCacheEa\\" }
Run PowerShell as administrator. Enter the following data to register an adapter:
Info YourPatch\MFAAdapter.json - specify full path to the previously created configuration file.
Note Specify the version number of ADFS Extension used in $typeName variable, Version parameter.
Code Block language powershell title Example $typeName = "IndeedId.ADFS.MFAAdapter.MFAAdapter, IndeedId.ADFS.MFAAdapter, Version=1.0.6.0, Culture=neutral, PublicKeyToken=1ebb0d9282100d91" Register-AdfsAuthenticationProvider -TypeName $typeName -Name "Indeed Id MFA Adapter" -ConfigurationFilePath ‘YourPatch\MFAAdapter.json’
To remove an adapter, execute the following command:
Code Block language powershell title Example Unregister-AdfsAuthenticationProvider -Name "Indeed Id MFA Adapter"
To update configuration, execute the following command:
Code Block language powershell title Example Import-AdfsAuthenticationProviderConfigurationData -Name "Indeed Id MFA Adapter" -FilePath ‘YourPatch\MFAAdapter.json’
Activation of multi-factor authentication for ADFS.
- Open AD FS management console.
- Select “Authentication policies Policies”, and then select “Modify global multiEdit Global Multi-factor authenticationAuthentication...” in “Actions” window.Image Added
- Add a user/group and enable the following parameters:
- Select “Extranet” and “Intranet” in “Location” “Extranet” and “Intranet” in “Location” item.
- Select "Indeed Id MFA Adapter” Adapter” provider.Image Added
- Restart the AD FS service to apply the changes.
Example of extension operation.
- Open ADFS test page: https://YourDomainName/adfs/ls/idpinitiatedsignon.htm
- Perform logging in.
- Specify the second factor data after entering the username and password.
- If all data is entered correctly, log in is executed.
Backtotop