Two-factor authentication over Microsoft AD FS 3.0 and 4.0

With Protectimus, you can quickly and easily ensure a high level of protection for access to corporate web services and cloud resources by setting up two-factor authentication over AD FS 3.0 and 4.0

Reliable protection

Protectimus’s OATH-certified two-factor authentication solution is the best choice for protecting access to corporate applications if you use ADFS. Authentication using one-time passwords from Protectimus is a reliable means of protecting against brute-force attacks, keyloggers, most phishing attacks, social engineering, and man-in-the-middle attacks.

15-minute setup

If you use Active Directory Federation Services (AD FS) 3.0 or 4.0 in your network infrastructure, integrating a two-factor authentication solution from Protectimus will take no more than 15 minutes. Download the installer and setup instructions for the Protectimus ADFS component below. If you have any questions, contact our support team at [email protected].

Compatibility with a range of services

Through ADFS 3.0 and 4.0, you can configure Protectimus two-factor authentication for a wide variety of cloud services, including AWS, Asana, Desk, Dropbox, Evernote, Expensify, Freshdesk, GitHub, GoToMeeting, Jira SSO, Namely, Microsoft Office 365, OpenDNS, Salesforce, Citrix ShareFile, Slack, Splunk, SugarCRM, Sumo Logic, Cisco Webex, Workday, Workplace, Zendesk, and Zoom.

Protectimus ADFS

Active Directory Federation Services (ADFS) allows you to configure access using Single Sign-On (SSO) technology for all key web applications and cloud services used on your corporate network. That way, to log into a work account and access corporate applications and cloud services, users only need to be authenticated once. It's important to ensure maximally reliable protection for logons at this stage.

Introducing multi-factor authentication through ADFS can help you to manage this task. Using two different factors — knowledge (a username and password) and possession (an OTP generator token) — to protect access to confidential information and corporate web applications is one of the most reliable, effective, and attack-resistant security solutions in existence today. In the event that a user's password is intercepted or guessed, their account remains protected by the one-time password, and vice-versa.

The comprehensive ADFS multi-factor authentication solution from Protectimus is easy to integrate into your infrastructure if you use ADFS 3.0 or 4.0. For that purpose, we developed the Protectimus ADFS module, with an easy-to-use installer and detailed setup instructions which you can download below. If you run into any difficulties, our technical team will be happy to help you and answer any questions you may have.

The server component of the Protectimus ADFS 2-factor authentication solution is available through a SaaS model, or as an on-premise platform. For one-time password delivery, we offer the Protectimus Two and Protectimus Slim NFC hardware OTP tokens; the free Protectimus Smart software security token; SMS; email; and chatbots in Telegram, Viber, Messenger, and other messaging applications.

Extensive functionality

We offer not only a reliable two-factor authentication system compatible with ADFS, but also an extensive array of features, making the administration of Protectimus 2FA solution easy, intuitive, and effective

Time filters

Using time-based filters, you can easily manage employees' access times to corporate resources. An administrator can set up Protectimus ADFS two-factor authentication to allow employees to log into their accounts only at a predefined time, such as during business hours. At other times, logins will be blocked.

Event notifications

Protectimus ADFS multi-factor authentication system administrators have access to a range of administrative tools, including event notification functionality. The event monitoring feature allows an administrator to receive notifications about each important event that takes place in the system, sent directly to their phone or email.

Unified authentication ecosystem

With Protectimus, you can set up a powerful authentication ecosystem and manage all 2FA nodes from a single admin panel. The Protectimus two-factor authentication solution supports integration with ADFS, RADIUS, SAML, Citrix NetScaler, Citrix XenApp, VMware, RoundCube, Microsoft RDP and WinLogon right out of the box.

SaaS or On-premise platform

We recommend beginning with the SaaS model for testing. In terms of functionality, the service and platform are identical; to switch from cloud servers to local servers, you need only to change a couple lines in the configuration file

SaaS model

The cloud service is ready to use without requiring any additional efforts or infrastructure spendings from the client. There's no need to purchase additional equipment to support on-site servers. The system is deployed on a cluster of high-performance servers. A load balancer distributes the load amongst the servers. A monitoring system continually tracks the state of the network infrastructure, and Protectimus administrators are alerted about any possible threats or critical situations. A hardware security module guarantees the secure storage of cryptographic information.

On-premise platform

This is an ideal choice for those who want full control over their corporate infrastructure, authentication process, users data, and other confidential information. Another advantage of hosting the on-premise platform on your own servers is that the system doesn't require internet access in order to function. You can strengthen the security of your own isolated network using additional firewalls or other protective measures. However, the disadvantage lies in the additional time and costs associated with acquiring, setting up, and managing the required equipment and network infrastructure.

Supported services

The Protectimus ADFS component enables you to easily set up two-factor authentication for these services

Amazon Web Services, Asana, Adobe Document Cloud, Aha!, BambooHR, BlueJeans, Bomgar SSO, Bonusly, Box, Bugsnag, Canvas, Clarizen, CloudLock, Confluence SSO, Crashplan, CyberARK, Datadog, Desk, Digicert, DocuSign, Dropbox, EgnYte, Evernote, Expensify, Freshdesk, GitHub, Citrix GoToMeeting, Greenhouse, GSuite, Hackerone, HackerRank, Heroku, Atlassian HipChat, Igloo, Intacct, Jamf PRO, JitBit, Jira SSO, Looker, Merketo, Cisco Meraki, Namely, NetDocuments, New Relic, Microsoft Office 365, OpenDNS, Pagerduty, PaloAlto Networks, RemedyForce, RingCentral, Robin, Salesforce, Samanage, SauceLabs, Citrix shareFile, Signal Science, Slack, SmartSheet, Splunk, StatusPage, SugarCRM, Sumo Logic, Syncplicity, Tableau, Udemy, Usevoice, Cisco Webex, Workday, Workplace, Zendesk, Zoom, and others.

Easy setup

Quickly and effortlessly configure two-factor authentication for any service supporting ADFS

Register with the service

Register with Protectimus 2FA cloud service. To do so, follow this link, fill out the registration form, and confirm your email address

Activate a payment plan

To use Protectimus SaaS platform and enable the API, you'll need to activate a payment plan. To do so, navigate to the “Payment plans” section

Creating a Resource

Resources are used to logically group users and OTP tokens. To create a resource, click "Resources" in your account, in the menu to the left, and then click "Add resource" at the top of the table

Create Users

Create users and OTP tokens, and assign them to the resource you created earlier. Remember that service users will need logins of the form [email protected]

Install Protectimus ADFS

Download the installer and setup instructions for Protectimus ADFS 3.0 or 4.0 using the buttons below. Run the Protectimus ADFS installer and follow the instructions.