MultiFactor.ADFS.Adapter

Also available in other languages: Русский

MultiFactor.ADFS.Adapter allows to protect access to corporate Active Directory Federation Services (ADFS) applications with MultiFactor 2FA hybrid solution.

The component is developed and supported by MultiFactor, distributed for free with the source code.

• Source code
• Build

See documentation at https://multifactor.pro/docs/adfs-2fa/ for additional guidance on integrating 2FA into your ADFS applications.

Table of Contents

• Operation Principle
• Available authentication methods
• Prerequisites
• Configuration
  • MultiFactor Configuration
  • ADFS Configuration
• Additional information
• License

Operation Principle

1. User opens a corporate application;
2. ADFS asks for the first authentication factor: login and password, then checks credentials in ActiveDirectory and, if they are correct, proceeds to the second stage of authentication;
3. In the second stage, the Multifactor prompt opens, inviting the user to confirm access;
4. The user confirms access with the second factor and proceeds to the application.

Available authentication methods

• MultiFactor Mobile Application
• Telegram
• SMS
• Biometrics
• Hardware OTP tokens
• Software OTP tokens (e.g. Google Authenticator)

Prerequisites

1. The component must have access to the api.multifactor.ru on TCP port 443 (TLS) directly or via HTTP proxy;
2. The server must be set to the correct time.

Configuration

MultiFactor Configuration

1. Open Multifactor management console, then create a new Web-site with default settings under Resources section. Keep API Key and API Secret parameters displayed upon resource creation: these are needed to complete the setup.

ADFS Configuration

1. Download and unzip the archive to the server with ADFS;
2. In MultiFactor.ADFS.Adapter.dll.config configuration file fill in API Key and API Secret from the MultiFactor personal account;
3. Run the PowerShell script install.ps1 with administrator privileges;
4. Navigate to ADFS management console and under Authentication methods -> Multi-factor Authentication Methods enable the MultiFactor method;
5. Under Relying Party Trusts, edit the Access Policy for the applications where you want to enable 2FA.

Additional information

• To work in a cluster configuration, the component must be installed on all servers in the cluster;
• Component log can be viewed on the ADFS server Windows Log in Application Log section (source: MultiFactor) and ADFS section.

License

Please note, the license does not entitle you to modify the source code of the Component or create derivative products based on it. The source code is provided as-is for evaluation purposes.