4.0 Configuring the Advanced Authentication Server for ADFS Plug-in

After you configure the ADFS MFA plug-in, you must create a customized ADFS event in Advanced Authentication to enable multi-factor authentication for ADFS.

To configure Advanced Authentication, perform the following steps:

  1. Open the Advanced Authentication Administration portal.

  2. Click Events > Add.

  3. Create a customized event with the following parameters:

    • Name: Specify the same event name that you specified in the Administration Tool. The default name is MFA ADFS.

    • Event type: Select Generic.

    • Select the required chains.

      You need not add the LDAP Password method to the chains, because multi-factor authentication with Advanced Authentication takes place after ADFS has completed standard authentication with the Password method.

  4. Click Save.

  5. Open the ADFS console.

  6. Click Authentication Policies.

  7. In the Actions pane, click Edit Global Primary Authentication Policies.

  8. Click the Multi-factor tab.

  9. In Select additional authentication method, select AAF ADFS MFA Plugin and click Apply.
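To confirm the result of steps 6 to 9 from PowerShell on the ADFS server, the following added example (not part of the product documentation) checks that the plug-in is registered and selected as an additional authentication method in the global policy. It assumes the console label "AAF ADFS MFA Plugin" corresponds to the provider's AdminName; the function name and the match pattern are hypothetical.

```powershell
# Added example: verify that the MFA plug-in is selected in the global
# authentication policy. Run in an elevated session on the ADFS server.
Import-Module ADFS

function Test-AdfsMfaPluginEnabled {
    param(
        # Assumption: the label shown in the ADFS console is the provider's AdminName.
        [string]$AdminNamePattern = '*AAF ADFS MFA*'
    )

    # Authentication providers registered with ADFS that match the label.
    $candidates = @(Get-AdfsAuthenticationProvider |
        Where-Object { $_.AdminName -like $AdminNamePattern })

    if ($candidates.Count -eq 0) {
        Write-Warning "No registered provider matches '$AdminNamePattern'. Check the plug-in installation."
        return $false
    }

    # Internal names of the methods selected on the Multi-factor tab.
    $selected = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider)

    $enabled = $false
    foreach ($provider in $candidates) {
        if ($selected -contains $provider.Name) {
            Write-Host "Selected as additional method: $($provider.AdminName) [$($provider.Name)]"
            $enabled = $true
        } else {
            Write-Warning "Registered but not selected: $($provider.AdminName) [$($provider.Name)]"
        }
    }

    # Selecting a method does not by itself define when MFA is required.
    # An empty global rule set means no global trigger exists; rules set
    # per relying party or through access control policies are not covered here.
    $globalRules = (Get-AdfsAdditionalAuthenticationRule).AdditionalAuthenticationRules
    if ($enabled -and [string]::IsNullOrWhiteSpace($globalRules)) {
        Write-Warning 'No global additional authentication rule is defined.'
    }

    return $enabled
}

Test-AdfsMfaPluginEnabled
```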

NOTE: The ADFS MFA plug-in supports the following methods: Email OTP, Emergency password, HOTP, LDAP password, Password, RADIUS, SMS OTP, TOTP, and Voice OTP.

To use the other authentication methods of Advanced Authentication, you need not install and configure the ADFS MFA plug-in. You can integrate with ADFS using SAML instead. For more information, see Configuring Integration with ADFS in the Advanced Authentication - Administration guide.