Active Directory Federation Services
Acceptto offers a simple solution for adding Multi-Factor Authentication for Active Directory Federation Services users. Multi-factor authentication, or MFA, is an extra layer of security used when logging in to websites or apps: individuals are authenticated through more than one required security and validation procedure, each based on something that only they know or have access to.
Download Acceptto Mobile App
If you don't have an Acceptto account and the Acceptto mobile application, download our app and register a new account in it.
- Windows Server 2016 or Windows Server 2019, in either case with Desktop Experience, Active Directory Domain Services Tools and Active Directory Federation Services.
- An Acceptto Account with one or more applications.
- User accounts enrolled in the Acceptto dashboard.
- The Acceptto It’sMe™ Application installed on the user's mobile phone.
Create an Application
Step 1 – Create an application in the Acceptto management dashboard
Follow this guide to create an Application. Create a new Acceptto application by giving it a memorable name, for example, “AD FS login with Acceptto Multi-Factor Authentication”. Note: if you do not plan to use AD FS in an external-facing environment, such as a proxy, configure the URL callback to point to https://mfa.acceptto.com. Also note that you can create multiple applications to cover different relying parties. After creating an Application, select details and note the UID and Secret; you will need these values for step 2.
Once the application is created, add usernames to the application by selecting the control “Usernames”. Add the usernames and emails of the users who are going to log in using AD FS.
Step 2 – Install the Acceptto Corporation Active Directory Federation Services adapter on each of the Active Directory Federation Services servers that will use MFA.
- Log in to the Active Directory Federation Services server.
- Select the Acceptto AD FS MFA adapter installer “Acceptto AD FS MFA adapter.exe”
- In the installation dialog provide the UID and Secret that were given to you when you created the application.
- Repeat this step on each AD FS server.
- Before enabling Multi-Factor Authentication, verify that you can log in to the AD FS server by browsing to https://<FQDN>/adfs/ls/IdpInitiatedSignon.aspx, where FQDN is the fully qualified domain name of your server, using Windows credentials.
- Please note that the AD FS login uses the user principal name as the username, for example: myuser@myrealm
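The pre-MFA verification above can be scripted on each AD FS server. The following is an added example, not Acceptto's code: it checks that the sign-on test page is enabled and reachable, lists the authentication providers registered on the node, and prints the user principal name of each account to be enrolled. The parameters $Fqdn and $Users are placeholders to be supplied by the administrator.

```powershell
# Added example (not vendor code). Run in an elevated session on each AD FS server.
# Assumptions: $Fqdn and $Users are placeholders chosen by the administrator.
param(
    [Parameter(Mandatory)] [string] $Fqdn,   # FQDN used in the sign-on URL
    [string[]] $Users = @()                  # sAMAccountNames to look up in AD
)

Import-Module ADFS -ErrorAction Stop

# 1. The IdP-initiated sign-on page is disabled by default on Windows Server 2016+.
if (-not (Get-AdfsProperties).EnableIdpInitiatedSignonPage) {
    Write-Warning ('Sign-on test page is disabled. Enable it with: ' +
                   'Set-AdfsProperties -EnableIdpInitiatedSignonPage $true')
}

# 2. Request the page; TLS or name-resolution failures raise an exception.
$url = "https://$Fqdn/adfs/ls/IdpInitiatedSignon.aspx"
try {
    $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
    Write-Output "$url returned HTTP $($r.StatusCode)"
} catch {
    Write-Warning "Could not load ${url}: $($_.Exception.Message)"
}

# 3. Providers registered on this node, and those currently selected for MFA.
Get-AdfsAuthenticationProvider |
    Select-Object Name, AdminName, IsCustom |
    Format-Table -AutoSize | Out-String | Write-Output
$mfa = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
Write-Output "Additional (MFA) providers enabled: $($mfa -join ', ')"

# 4. AD FS sign-in uses the UPN, so show it (and the email) for each account.
if ($Users.Count -gt 0) {
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($u in $Users) {
        try {
            $ad = Get-ADUser -Identity $u -Properties EmailAddress
            if (-not $ad.UserPrincipalName) {
                Write-Warning "$u has no userPrincipalName set"
            } else {
                Write-Output "$u signs in as $($ad.UserPrincipalName) (email: $($ad.EmailAddress))"
            }
        } catch {
            Write-Warning "Lookup failed for ${u}: $($_.Exception.Message)"
        }
    }
}
```

Run it once before installing the adapter and again afterwards on every server; the provider list should be the same on each server before MFA is enabled.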
If you require assistance, please email us at firstname.lastname@example.org