ADFS

Prerequisites

  • A Windows server with ADFS configured.
  • A Windows machine with the Single Agent.

1. SecurEnvoy RADIUS Profile

  1. Go to Integration > Premises and add a new RADIUS profile.
  2. Enter the RADIUS configuration settings:
    • Friendly name.
    • Server Port.
    • Assigned Agent.
    • The IP address of the ADFS server.
    • The Shared Secret for the RADIUS connection.
  3. (Optional) Enable the 'Message Authenticator' and 'Brute Force Protection' options.
  4. Save the configuration.

2. Microsoft Server Agent Installation

  1. Install the SecurEnvoy Microsoft Server Agent.
  2. Enter the IP address of the Single Agent, along with the shared secret and RADIUS port.
  3. Press the 'Test Server' button to test the connection to Access Management.

Multiple Single Agents

Up to two Single Agents can be added in the Microsoft Server Agent. Each agent will require a RADIUS profile in Access Management.

3. Microsoft Server Agent Config

  1. Go to the 'ADFS' tab and click the checkbox for 'Include SecurEnvoy Plugin in ADFS'.
  2. Click 'Update' then 'Start ADFS Manager'.

4. ADFS Config

  1. In ADFS Manager go to: Action > Add Relying Party Trust.
  2. Select 'Claims Aware' and click 'Start'.
  3. Enter your Federation metadata and click 'Next'.
  4. Select 'Permit everyone and require MFA' then click 'Next'.
  5. Check the settings and finish the wizard.
  6. Expand 'Service' and click 'Authentication Methods' then click 'Edit Primary Authentication Methods'.
  7. On the 'Additional' tab, check 'SecurEnvoy'.
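
The settings from steps 1 to 7 can be confirmed from PowerShell on the ADFS server before testing a login. This check is an added example, not part of the SecurEnvoy documentation; it assumes the plugin registers under a provider name containing "SecurEnvoy", and the trust name shown is a placeholder.

```powershell
# Run in an elevated PowerShell session on the ADFS server (Windows Server 2016 or later).
# Assumption: the provider name contains "SecurEnvoy", as labelled in ADFS Manager.
$ProviderPattern = '*SecurEnvoy*'
# Placeholder: replace with the display name of the trust created in the wizard.
$TrustName = 'My Application'
$RequiredPolicy = 'Permit everyone and require MFA'

function Test-SecurEnvoyAdfsConfig {
    param([string]$ProviderPattern, [string]$TrustName, [string]$RequiredPolicy)

    # 1. The plugin must be registered as an ADFS authentication provider.
    $provider = Get-AdfsAuthenticationProvider |
        Where-Object { $_.Name -like $ProviderPattern }

    # 2. The provider must be enabled as an additional (MFA) method globally.
    $global = Get-AdfsGlobalAuthenticationPolicy
    $enabled = @($global.AdditionalAuthenticationProvider |
        Where-Object { $_ -like $ProviderPattern })

    # 3. The relying party trust must exist, be enabled, and require MFA.
    $trust = Get-AdfsRelyingPartyTrust -Name $TrustName

    [pscustomobject]@{
        ProviderRegistered   = [bool]$provider
        ProviderEnabledAsMfa = ($enabled.Count -gt 0)
        TrustFound           = [bool]$trust
        TrustEnabled         = [bool]($trust -and $trust.Enabled)
        TrustPolicy          = if ($trust) { $trust.AccessControlPolicyName } else { $null }
        TrustRequiresMfa     = [bool]($trust -and
                                 $trust.AccessControlPolicyName -eq $RequiredPolicy)
    }
}

$result = Test-SecurEnvoyAdfsConfig -ProviderPattern $ProviderPattern `
    -TrustName $TrustName -RequiredPolicy $RequiredPolicy
$result | Format-List

# Any False value means a login could complete without the SecurEnvoy second factor.
$failed = $result.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value }
foreach ($f in $failed) { Write-Warning "Check failed: $($f.Name)" }
```

If TrustRequiresMfa is False, the TrustPolicy value shows which access control policy the trust is actually using.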

5. Testing MFA Authentication

  1. Open a browser and go to the ADFS URL to log in as a user.