3.1 Configuring the Advanced Authentication ADFS MFA Plug-in

To configure the Advanced Authentication ADFS MFA plug-in, perform the following steps:

  1. Launch the Administration Tool.

  2. In Server URL, specify the DNS name or IP address of the Advanced Authentication server, without the https:// prefix.

  3. Select Ignore SSL errors if the server has an invalid certificate (self-signed or expired).

  4. The Event name, Tenant name, and Templates path are populated automatically. You can edit them as required.

    NOTE: The Tenant name is ignored when multitenancy is disabled. Administrators need not edit the value of this field.

  5. Specify a secret. The secret must contain a minimum of eight characters that include numbers and uppercase characters.

  6. Click Save.

  7. Click Enable only if this is the first (primary) server in the ADFS farm. On the other servers, you must click Restart ADFS.

    An endpoint will be created in the Endpoints section of the Advanced Authentication Administration portal.

After an endpoint is created in the Advanced Authentication server, the config.properties and ep.properties files are created automatically, with the configured settings, in the path C:\ProgramData\NetIQ\AAF ADFS MFA Plugin.
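
The following PowerShell check is an added example, not part of the product or its documentation. It inspects the certificate that the Advanced Authentication server presents, so you can see whether the condition in step 3 (self-signed or expired certificate) actually applies, and it confirms that the two properties files exist after step 7. The host name aaf.example.com and port 443 are assumptions; replace them with your own values.

```powershell
# Added example. Assumptions: aaf.example.com stands in for the value entered
# in Server URL, and the server accepts HTTPS connections on port 443.
param(
    [string]$Server = 'aaf.example.com',
    [int]$Port = 443
)

$script:tlsErrors = [System.Net.Security.SslPolicyErrors]::None

# Accept any certificate so it can be inspected, but record what the
# normal validation reported (chain errors, name mismatch, and so on).
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $certificate, $chain, $sslPolicyErrors)
    $script:tlsErrors = $sslPolicyErrors
    $true
}

$ssl = $null
$client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        Expired          = $cert.NotAfter -lt (Get-Date)
        SelfSigned       = $cert.Subject -eq $cert.Issuer
        ValidationErrors = $script:tlsErrors
        ValidationFailed = $script:tlsErrors -ne [System.Net.Security.SslPolicyErrors]::None
    } | Format-List
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Dispose()
}

# Files that are created in this path once the endpoint exists.
$dir = 'C:\ProgramData\NetIQ\AAF ADFS MFA Plugin'
'config.properties', 'ep.properties' | ForEach-Object {
    $path = Join-Path $dir $_
    [pscustomobject]@{ File = $path; Present = Test-Path -LiteralPath $path }
} | Format-Table -AutoSize
```

If ValidationErrors is None, the certificate validates from this machine. Otherwise the value shows which check failed, which is what a replacement certificate on the server would need to fix.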

In the ADFS farm, all the plug-ins must have the same version of ADFS. If the versions are different, synchronization does not happen, which affects the functionality of the plug-in.

IMPORTANT: When upgrading an ADFS MFA plug-in, it is recommended to upgrade all the other ADFS MFA plug-ins in the ADFS farm.

For example, if you upgrade AAF ADFS MFA Plugin 6.0 to AAF ADFS MFA Plugin 6.1, then you must ensure that all the other plug-ins in the farm are also upgraded to ADFS 6.1.