ADFS 4.0 2FA
ATTENTION! When you integrate the Protectimus 2FA system with ADFS, users in the Protectimus service or platform must have logins of the form [email protected].
1. Get Registered and Configure Basic Settings
- Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform.
- Add Resource.
- Add Users. NOTE! Users in the Protectimus system must have logins of the form [email protected].
- Add Tokens or activate Users’ Self Service Portal.
- Assign Tokens to Users.
- Assign Tokens with Users to the Resource.
2. Install the Protectimus ADFS Component
- Download the Protectimus ADFS installer here.
- Run the installer as administrator.
- You will see a welcome screen; click Next to continue.
- On this page, select Protectimus MFA ADFS and click Next.
- On this screen, enter the API URL, API Login, API Key, and Resource ID. These parameters are:
  - API URL – the address of the API endpoint. If you use the SaaS Service, the API URL is https://api.protectimus.com. For the On-Premise Platform, the API URL is the address of the server where the Platform is running.
  - API Login – the login of your account, the same one you use to sign in.
  - API Key – you’ll find it in your profile. To open the profile, click the user’s login in the top right corner of the interface and choose the “Profile” entry from the drop-down list.
  - Resource ID – after you create the resource, you’ll be taken to a page listing the available resources, including the one you’ve just created. The ID of each resource is displayed in that table.
- Everything is ready for installation; click Install. During the installation, the ADFS service will be restarted.
- When the installation is completed, click Finish.
3. Configure ADFS Multi-Factor Authentication
- Run the ADFS configuration console: Server Manager -> Tools -> AD FS Management
- Navigate to Multi-Factor Authentication settings: Service -> Authentication methods -> Multi-Factor Authentication methods -> Edit
- Choose Protectimus MFA.
- Navigate to Access Control Policies.
- Add Access Control Policy.
- Tick the checkbox “require MFA” and set up specific networks, user groups, etc.
- Navigate to Relying Party Trust and choose Relying Party Trust where you want to add Protectimus MFA.
- Choose the Access Control Policy which was added in the 5th step.
- Protectimus MFA setup for ADFS is now complete. You can read more about Access Control Policies here.
4. Check the correctness of the installation and settings
- For verification, go to: https://adfs.yourdomain.com/adfs/ls/idpinitiatedsignon.aspx
- At the second stage of authentication, enter your one-time password.
- If the ADFS user is not in the “Administrators” group, you may get the following error message:
To fix this error, run the following command in PowerShell with administrative privileges:
eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO "Protectimus MFA ADFS" /D "Init"
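The settings made in sections 3 and 4 can also be checked from an elevated PowerShell session on the AD FS server. The script below is an added example, not part of the Protectimus documentation or installer. It assumes the registered provider carries "Protectimus" in its Name or AdminName, and the policy name is a placeholder for the one you created in section 3.

```powershell
# Added verification sketch: run elevated on the AD FS server.
Import-Module ADFS

# Assumption: the installed provider has "Protectimus" in its Name or AdminName.
# Check the output of Get-AdfsAuthenticationProvider if nothing matches.
$providerPattern = 'Protectimus'
# Placeholder: the Access Control Policy you created in section 3.
$policyName = '<your MFA access control policy name>'

# 1. Is the provider registered with AD FS?
$provider = Get-AdfsAuthenticationProvider |
    Where-Object { $_.Name -match $providerPattern -or $_.AdminName -match $providerPattern }
if (-not $provider) {
    Write-Warning 'No matching authentication provider is registered with AD FS.'
}

# 2. Is it selected as a Multi-Factor Authentication method in the global policy?
$mfaMethods = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
if (-not ($mfaMethods | Where-Object { $_ -match $providerPattern })) {
    Write-Warning 'The provider is not enabled under Multi-Factor Authentication methods.'
}

# 3. Does the Access Control Policy exist, and which relying parties use it?
if (-not (Get-AdfsAccessControlPolicy -Name $policyName)) {
    Write-Warning "Access Control Policy '$policyName' was not found."
}
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Enabled, AccessControlPolicyName,
        @{ Name = 'UsesMfaPolicy'; Expression = { $_.AccessControlPolicyName -eq $policyName } } |
    Sort-Object UsesMfaPolicy, Name |
    Format-Table -AutoSize

# 4. Is the event source named in the eventcreate command registered?
$source = 'Protectimus MFA ADFS'
if ([System.Diagnostics.EventLog]::SourceExists($source)) {
    "Event source '$source' is registered."
} else {
    Write-Warning "Event source '$source' is not registered; run the eventcreate command above."
}
```

Relying party trusts listed with UsesMfaPolicy = False are not covered by the policy created in section 3 and will not prompt for a one-time password.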
Last updated on 2024-10-10