The latter implements a multi-factor authentication provider for Microsoft ADFS server, adding a second factor to the sign-in process.

Files of Indeed AM ADFS Extension reside in: indeed AM\Indeed AM ADFS Extension\<Version number>\

  • IndeedAM.ADFS.Extension-x64.msi is the installation package of Indeed AM ADFS Extension.

Installation and configuration of ADFS Extension

  1. Install Indeed ADFS Extension by running the IndeedAM.ADFS.Extension-x64.msi installer.
  2. Create a configuration file named MFAAdapter.json with the following parameters.

    The ModeId parameter takes the ID of the authentication provider to use. The available provider IDs are:

    {EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP

    {093F612B-727E-44E7-9C95-095F07CBB94B} - EMAIL OTP

    {F696F05D-5466-42b4-BF52-21BEE1CB9529} - Passcode

    {0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP

    {AD3FBA95-AE99-4773-93A3-6530A29C7556} - HOTP Provider

    {CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05} - TOTP Provider

    {DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68} - AirKeyProvider

    Example
    {
    "ServerType":"eaNet",
    "EANetServerURL":"http://YourDomainName/easerver/",
    "ModeId":"{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}",
    "LSEventCacheDirectory": "C:\\EventCacheEa\\"
    }
  3. Run PowerShell as administrator. Enter the following commands to register the adapter:

    YourPatch\MFAAdapter.json - specify the full path to the previously created configuration file.

    Specify the version number of the ADFS Extension in use in the Version parameter of the $typeName variable.

    Example
    $typeName = "IndeedId.ADFS.MFAAdapter.MFAAdapter, IndeedId.ADFS.MFAAdapter, Version=1.0.6.0, Culture=neutral, PublicKeyToken=1ebb0d9282100d91"
    Register-AdfsAuthenticationProvider -TypeName $typeName -Name "Indeed Id MFA Adapter" -ConfigurationFilePath 'YourPatch\MFAAdapter.json'
  4. To remove an adapter, execute the following command:

    Example
    Unregister-AdfsAuthenticationProvider -Name "Indeed Id MFA Adapter"
  5. To update configuration, execute the following command:

    Example
    Import-AdfsAuthenticationProviderConfigurationData -Name "Indeed Id MFA Adapter" -FilePath 'YourPatch\MFAAdapter.json'
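
A check that can be run on MFAAdapter.json before steps 3 and 5, as an added example that is not part of the Indeed AM documentation or product. The helper name Test-MfaAdapterConfig is hypothetical, the list of required keys is assumed from the example file in step 2, and the HTTPS check is a hardening check added here rather than a documented product requirement.

```powershell
# Added example (not Indeed AM code): checks MFAAdapter.json before it is registered.
# Test-MfaAdapterConfig is a hypothetical helper name.
function Test-MfaAdapterConfig {
    param([Parameter(Mandatory)][string]$Path)
    # Provider IDs as listed in step 2; hashtable literals match keys case-insensitively.
    $providers = @{
        '{EBB6F3FA-A400-45F4-853A-D517D89AC2A3}' = 'SMS OTP'
        '{093F612B-727E-44E7-9C95-095F07CBB94B}' = 'EMAIL OTP'
        '{F696F05D-5466-42b4-BF52-21BEE1CB9529}' = 'Passcode'
        '{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}' = 'Software OTP'
        '{AD3FBA95-AE99-4773-93A3-6530A29C7556}' = 'HOTP Provider'
        '{CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05}' = 'TOTP Provider'
        '{DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68}' = 'AirKeyProvider'
    }
    $problems = @()
    try   { $cfg = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop | ConvertFrom-Json -ErrorAction Stop }
    catch { return "Cannot read or parse ${Path}: $($_.Exception.Message)" }
    # Required keys are assumed from the example file on this page.
    foreach ($key in 'ServerType', 'EANetServerURL', 'ModeId', 'LSEventCacheDirectory') {
        if (-not $cfg.PSObject.Properties[$key]) { $problems += "Missing parameter: $key" }
    }
    if ($cfg.ModeId -and -not $providers.ContainsKey([string]$cfg.ModeId)) {
        $problems += "ModeId $($cfg.ModeId) is not a provider ID listed in step 2"
    }
    # Hardening check added here, not a documented product requirement.
    $uri = $null
    if ($cfg.EANetServerURL) {
        if (-not [Uri]::TryCreate([string]$cfg.EANetServerURL, [UriKind]::Absolute, [ref]$uri)) {
            $problems += 'EANetServerURL is not an absolute URL'
        } elseif ($uri.Scheme -ne 'https') {
            $problems += "EANetServerURL uses $($uri.Scheme)://, so traffic to the server is not protected by TLS"
        }
    }
    return $problems
}

# Constructed sample: the example file from step 2, written to a temporary path.
$sample = Join-Path $env:TEMP 'MFAAdapter.sample.json'
@'
{
"ServerType":"eaNet",
"EANetServerURL":"http://YourDomainName/easerver/",
"ModeId":"{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}",
"LSEventCacheDirectory": "C:\\EventCacheEa\\"
}
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

$problems = @(Test-MfaAdapterConfig -Path $sample)
if ($problems.Count) { $problems | Write-Warning } else { 'MFAAdapter.json passed all checks' }
```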

Activation of multi-factor authentication for ADFS.

  1. Open AD FS management console.
  2. Select “Authentication Policies”, and then select “Edit Global Multi-factor Authentication...” in “Actions” window.
  3. Add a user/group and enable the following parameters:
    1. Select “Extranet” and “Intranet” in “Location” item.
    2. Select “Indeed Id MFA Adapter” provider.
  4. Restart the AD FS service to apply the changes.

Example of extension operation.

  1. Open ADFS test page: https://YourDomainName/adfs/ls/idpinitiatedsignon.htm
  2. Log in.
  3. Specify the second factor data after entering the username and password.
  4. If all data is entered correctly, the login succeeds.


