Search Results :

×

Steps to Enable 2FA on top of ADFS Authentication

Steps to Enable 2FA on top of ADFS Authentication

The miniOrange ADFS MFA connector helps you to enable Two Factor Authentication (2FA) for your users to protect the access to Microsoft Active Directory Federation Services (ADFS) by adding a second layer of authentication challenge to existing username and password of ADFS Deployment. This extra layer prevents the unauthorized person from accessing the resources even if cyber attackers get to know your credentials.


ADFS SSO Authentication Flow with miniOrange MFA Connector:

2FA Two Factor Authentication for ADFS Radius Client VPN :Authentication Flow

  • A user attempts access to ADFS protected service with username / password.
  • The username / password is verified against an existing first factor directory (i.e. Active Directory)
  • Once the user's first level of authentication gets validated ADFS sends the confirmation to miniOrange Authentication Server.
  • Now miniOrange Authentication Server asks for a 2-factor authentication challenge to the user.
  • Here user submits the response/code which he receives on his hardware/phone.
  • User response is checked at miniOrange’s Authentication Server side.
  • On successful 2nd factor authentication the user is granted access to login.

Install miniOrange ADFS MFA Adapter

  • First, download the miniOrange MFA Adapter.
  • Login into miniOrange Admin Console.
  • Go to Product Settings. Copy Customer Key and Customer API Key.
    • Admin console: Go to admin console

    Copy customer key and customer API

  • Add the details like Customer Key and Customer API Key in Install.ps1 file.
    • Add customer key and customer API details

  • Run the Install.ps1 file on ADFS server in administrator mode.
  • Press Y to continue registration.
    • Run Install.ps1

  • Restart the ADFS service using the following command:
    1. Net stop adfssrv
    2. Net start adfssrv
  • Edit the access control policy for the already added Relying Party Trust or any Application Group and select Permit everyone and require MFA to enable mfa after login.
    • Login with ADFS 2FA

  • Go to Authentication methods > Edit Multi Factor Authentication and select miniOrange MFA. Apply the settings.
    • Login with ADFS 2FA


User Experience

After entering the username and password into the AD FS login, user will be prompted for 2 factor method which is already configured for the user or set as default by the admin. Once the 2 factor gets authenticated, the user gets signed in.

credentials dashboard ADFS 2FA

Steps to Unregister
  • Open Powershell on ADFS server in administrator mode.
  • Use the command to Unregister the adapter:
    Unregister-AdfsAuthenticationProvider -Name "miniOrangeADFSMFA"
  • Restart the adfs service using the following command:
    • Net stop adfssrv
    • Net start adfssrv

    You have successfully enabled the Two-Factor Authentication (2FA) by using miniOrange ADFS MFA Connector.


    External References
    Hello there!

    Need Help? We are right here!
    support
    Contact miniOrange Support
    success

    Thanks for your inquiry.

    If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com