
ADFS 4.0 2FA

ATTENTION! When you integrate the Protectimus 2FA system with ADFS, users in the Protectimus service or platform must have logins of the form [email protected]

1. Get Registered and Configure Basic Settings

  1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform.
  2. Add Resource.
  3. Add Users. NOTE! Users in the Protectimus system must have logins of the form [email protected].
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

2. Install the Protectimus ADFS Component

  1. Download the Protectimus ADFS installer here.

  2. Run the installer as administrator.

  3. You will see a welcome screen. Click Next to continue.

  4. On this page, select Protectimus MFA ADFS and click Next.

  5. On this screen, enter the API URL, Login, API Key, and Resource ID. These parameters stand for:
  • API URL – the address of the API endpoint. If you use the SaaS service, the API URL is https://api.protectimus.com. For the on-premise Platform, the API URL is the address of the server where the Platform is running.
  • API Login – the login of your account, the same one you use to sign in.
  • API Key – you’ll find it in your profile. To access the profile, click the user’s login in the top right corner of the interface and choose the “Profile” entry from the drop-down list.
  • Resource ID – after you create the resource, you’ll be taken to a page listing the available resources, including the one you’ve just created. The ID of the resource is displayed in the table.

  6. Everything is ready for installation. Click Install. During the installation, the ADFS service will be restarted.

  7. When the installation is completed, click Finish.

3. Configure ADFS Multi-Factor Authentication

  1. Run the ADFS configuration console: Server Manager -> Tools -> AD FS Management

  2. Navigate to the Multi-Factor Authentication settings: Service -> Authentication methods -> Multi-Factor Authentication methods -> Edit

  3. Choose Protectimus MFA.

  4. Navigate to Access Control Policies.

  5. Add an Access Control Policy.

  6. Tick the “require MFA” checkbox and set up specific networks, user groups, etc.

  7. Navigate to Relying Party Trust and choose the Relying Party Trust to which you want to add Protectimus MFA.

  8. Choose the Access Control Policy which was added on the 5th step.

  9. Setting up Protectimus MFA for ADFS is completed. You can read more about Access Control Policies here.

4. Check the correctness of the installation and settings

  1. For verification, go to: https://adfs.yourdomain.com/adfs/ls/idpinitiatedsignon.aspx

  2. At the second stage of authentication, enter your one-time password.

  3. If the ADFS user is not in the “Administrators” group, you may get an error message.
      To fix this error, execute the following command in PowerShell with administrative privileges:
    eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO "Protectimus MFA ADFS" /D "Init"
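
The following read-only audit is an added example, not part of the Protectimus documentation or installer. It uses the standard AD FS PowerShell module to confirm that the provider is enabled as an additional authentication method, to list which Relying Party Trusts use the MFA Access Control Policy, and to check that the event source exists. The policy name and the provider name pattern are assumptions; replace them with your own values.

```powershell
# Added example: read-only audit of the setup from sections 3 and 4.
# Run in an elevated Windows PowerShell session on the AD FS server.
param(
    # Assumption: the name you gave the Access Control Policy in section 3.
    [string]$PolicyName = 'Require Protectimus MFA',
    # Assumption: the provider's Name or AdminName contains "Protectimus".
    [string]$ProviderMatch = '*Protectimus*',
    # Event source named in the eventcreate command in section 4.
    [string]$EventSource = 'Protectimus MFA ADFS'
)
Import-Module ADFS -ErrorAction Stop

# 1. Is the provider registered and enabled as an additional (second) factor?
$providers = @(Get-AdfsAuthenticationProvider |
    Where-Object { $_.Name -like $ProviderMatch -or $_.AdminName -like $ProviderMatch })
if ($providers.Count -eq 0) {
    Write-Warning "No authentication provider matching '$ProviderMatch' is registered."
} else {
    $enabled = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider)
    $providers | ForEach-Object {
        [pscustomobject]@{
            Provider        = $_.Name
            AllowedForMfa   = $_.AllowedForAdditionalAuthentication
            EnabledGlobally = $enabled -contains $_.Name
        }
    } | Format-Table -AutoSize
}

# 2. Which relying party trusts use the MFA policy, and which do not?
$trusts = @(Get-AdfsRelyingPartyTrust | Sort-Object Name)
$trusts | Select-Object Name, Enabled, AccessControlPolicyName,
    @{ n = 'UsesMfaPolicy'; e = { $_.AccessControlPolicyName -eq $PolicyName } } |
    Format-Table -AutoSize
$unprotected = @($trusts | Where-Object { $_.Enabled -and $_.AccessControlPolicyName -ne $PolicyName })
if ($unprotected.Count -gt 0) {
    Write-Warning ("Enabled trusts without '$PolicyName': " + ($unprotected.Name -join ', '))
}

# 3. Is the event source from section 4 present in the Application log?
if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    Write-Warning "Event source '$EventSource' is missing; run the eventcreate command from section 4."
}
```

An enabled trust listed in the warning is still reachable with a password alone, so review each one and either assign the MFA policy or document why it is exempt.
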
Last updated on 2022-09-15