
Steps to Enable 2FA on top of ADFS Authentication


The miniOrange ADFS MFA connector enables Two-Factor Authentication (2FA) for your users, protecting access to Microsoft Active Directory Federation Services (ADFS) by adding a second authentication challenge on top of the existing username and password of your ADFS deployment. This extra layer prevents an unauthorized person from accessing resources even if an attacker learns a user's credentials.


ADFS SSO Authentication Flow with miniOrange MFA Connector:



  • A user attempts to access an ADFS-protected service with a username and password.
  • The username and password are verified against the existing first-factor directory (i.e. Active Directory).
  • Once the user's first factor is validated, ADFS sends the confirmation to the miniOrange Authentication Server.
  • The miniOrange Authentication Server then presents a second-factor authentication challenge to the user.
  • The user submits the response/code received on their hardware device or phone.
  • The user's response is checked on the miniOrange Authentication Server.
  • On successful second-factor authentication, the user is granted access.

Install miniOrange ADFS MFA Adapter

  • First, download the miniOrange MFA Adapter.
  • Log in to the miniOrange Admin Console.
  • Go to Product Settings. Copy the Customer Key and Customer API Key.
  • Add the Customer Key and Customer API Key to the Install.ps1 file.
  • Run the Install.ps1 file on the ADFS server in administrator mode.
  • Press Y to continue registration.

  • Restart the ADFS service using the following command:
    1. Net stop adfssrv
    2. Net start adfssrv
  • Edit the access control policy for the already added Relying Party Trust or any Application Group and select Permit everyone and require MFA to require MFA after login.
  • Go to Authentication methods > Edit Multi Factor Authentication and select miniOrange MFA. Apply the settings.
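
A read-only check to run after the steps above, confirming the adapter is registered and actually enforced. This is an added example, not part of the miniOrange installer; it assumes AD FS on Windows Server 2016 or later (where relying party trusts expose AccessControlPolicyName) and takes the provider name from the Unregister command on this page.

```powershell
# Added verification example (read-only). Run in an elevated PowerShell session
# on the AD FS server after Install.ps1 has run and the service was restarted.
$adapterName = 'miniOrangeADFSMFA'                # provider name from the Unregister step
$mfaPolicy   = 'Permit everyone and require MFA'  # access control policy selected above

$findings = @()

# 1. The AD FS service must be running again after the restart.
$svc = Get-Service -Name adfssrv
if ($svc.Status -ne 'Running') {
    $findings += "adfssrv is $($svc.Status), expected Running"
}

# 2. The adapter must be registered as an authentication provider.
$provider = Get-AdfsAuthenticationProvider -Name $adapterName -ErrorAction SilentlyContinue
if (-not $provider) {
    $findings += "Provider '$adapterName' is not registered"
}

# 3. The adapter must be selected as an additional (MFA) authentication method.
$global = Get-AdfsGlobalAuthenticationPolicy
if ($global.AdditionalAuthenticationProvider -notcontains $adapterName) {
    $findings += "'$adapterName' is not selected under Multi Factor Authentication"
}

# 4. List enabled relying party trusts that do not use the policy chosen above.
#    Other built-in policies may also demand MFA, so treat these as items to
#    review by hand. Application Groups are not covered by this check.
$noMfa = Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Enabled -and $_.AccessControlPolicyName -ne $mfaPolicy }
foreach ($rp in $noMfa) {
    $findings += "Relying party '$($rp.Name)' uses policy '$($rp.AccessControlPolicyName)'"
}

if ($findings.Count -eq 0) {
    Write-Output "OK: '$adapterName' is registered, selected for MFA, and required by all enabled relying party trusts."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

A relying party trust reported in step 4 accepts sign-in under a different policy, so check whether that policy also requires MFA.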

User Experience

After entering the username and password on the AD FS login page, the user is prompted for the second-factor method that is already configured for the user or set as the default by the admin. Once the second factor is authenticated, the user is signed in.


Steps to Unregister

  • Open PowerShell on the ADFS server in administrator mode.
  • Use the following command to unregister the adapter:
    Unregister-AdfsAuthenticationProvider -Name "miniOrangeADFSMFA"
  • Restart the ADFS service using the following commands:
    • Net stop adfssrv
    • Net start adfssrv

You have successfully enabled Two-Factor Authentication (2FA) using the miniOrange ADFS MFA Connector.
