> ADFS 4.0 2FA
ADFS 4.0 2FA
ATTENTION! When you integrate Protectimus 2FA system with ADFS, Users in the Protectimus service or platform must have logins of the form [email protected]
1. Get Registered and Configure Basic Settings
- Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform.
- Add Resource.
- Add Users. NOTE! Users in Protectimus system must have logins of the form [email protected].
- Add Tokens or activate Users’ Self Service Portal.
- Assign Tokens to Users.
- Assign Tokens with Users to the Resource.
2. Install the Protectimus ADFS Сomponent
- Download the Protectimus ADFS installer here.
- Run the installer as administrator.
![OWA-two-factor-authentication-setup-run-as-administrator - Protectimus Limited Protectimus OWA two-factor authentication component installation - run the intaller as administrator](https://www.protectimus.com/wp-content/uploads/2021/12/OWA-two-factor-authentication-setup-run-as-administrator.png)
- You will see a welcome screen, click Next to continue.
![- Protectimus Limited How to set up ADFS two-factor authentication with Protectimus - step 1](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-1.png)
- On this page, select Protectimus MFA ADFS and click Next.
![ADFS-two-factor-authentication-setup-2 - Protectimus Limited How to set up ADFS two-factor authentication with Protectimus - step 2](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-2.png)
- On this screen, you will need to enter the API URL, Login, API Key, and Resource ID. These parameters stand for:
- API URL – an address of the API endpoint. If you use SAAS Service API URL is https://api.protectimus.com. In the case of the on-premise Platform, API URL is a server address, where the Platform is running.
- API Login – the login of your account, the same as for signing in.
- API Key – you’ll find it in your profile. To access a profile, click the user’s login in the top right corner of the interface, and choose the “Profile” entry from the drop-down list.
- Resource ID – After creating the resource, you’ll be taken to a page with a list of available resources, where you can see the resource you’ve just created. In addition, the ID of the resource will be displayed in the table.
![ADFS-two-factor-authentication-setup-3 - Protectimus Limited How to set up ADFS two-factor authentication with Protectimus - step 3](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-3.png)
- Everything is ready for installation, click Install. During the installation, the ADFS service will be restarted.
![ADFS-two-factor-authentication-setup-4 - Protectimus Limited How to set up ADFS two-factor authentication with Protectimus - step 4](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-4.png)
- When the installation is completed, click Finish.
![ADFS-two-factor-authentication-setup-5 - Protectimus Limited How to set up ADFS two-factor authentication with Protectimus - step 5](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-5.png)
3. Configure ADFS Multi-Factor Authentication
- Run the ADFS configuration console: Server Manager -> Tools -> AD FS Management
![ADFS-two-factor-authentication-setup-6 - Protectimus Limited ADFS multi-factor authentication settings configuration - Step 1](https://www.protectimus.com/wp-content/uploads/2021/12/ADFS-two-factor-authentication-setup-6.png)
- Navigate to Multi-Factor Authentication settings: Service -> Authentication methods -> Multi-Factor Authentication methods -> Edit
![adfs-4-0-mfa-setup-step-1 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 1](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-1.png)
- Choose Protectimus MFA.
![adfs-4-0-mfa-setup-step-2 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 2](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-2.png)
- Navigate to Access Control Policies.
![adfs-4-0-mfa-setup-step-3 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 3](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-3.png)
- Add Access Control Policy.
![adfs-4-0-mfa-setup-step-4 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 4](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-4.png)
- Tick the checkbox “require MFA” and setup specific networks, users groups, etc.
![adfs-4-0-mfa-setup-step-5 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 5](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-5.png)
- Navigate to Relying Party Trust and choose Relying Party Trust where you want to add Protectimus MFA.
![adfs-4-0-mfa-setup-step-6 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 6](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-6.png)
- Choose the Access Control Policy which was added on the 5th step.
![adfs-4-0-mfa-setup-step-7 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 7](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-7.png)
- Setting Protectimus MFA for ADFS is completed. You can read more about Access Control Policies here.
4. Check the correctness of the installation and settings
- For verification, go to: https://adfs.yourdomain.com/adfs/ls/idpinitiatedsignon.aspx
![adfs-4-0-mfa-setup-step-8 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 8](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-8.png)
- At the second stage of authentication, enter your one-time password.
![adfs-4-0-mfa-setup-step-9 - Protectimus Limited ADFS 4.0 two-factor authentication setup - step 9](https://www.protectimus.com/wp-content/uploads/2022/01/adfs-4-0-mfa-setup-step-9.png)
- In case ADFS user is not in “Administrators” group you may get the following error message:
To fix this error execute the next command in the PowerShell with administrative privileges:
eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO "Protectimus MFA ADFS" /D "Init"
Last updated on 2022-09-15