Active Directory Integration

Introduction

Acceptto offers a simple solution for adding Multi-Factor Authentication for Active Directory. Multi factor authentication, or MFA, is an extra layer of security used when logging into websites or apps in which individuals are authenticated through more than one required security and validation procedure that only you know or have access to.


Process Overview

Download Acceptto Mobile App

If you don't have an Acceptto account and Acceptto mobile application, Download our app and register a new account on it:

Download Acceptto RADIUS Server

Please contact Acceptto to download the RADIUS VM Images.

Configure Acceptto RADIUS Server
  1. Login to Acceptto VM using the provided user and password
  2. Run acceptto start up scripting by entering ./acceptto.sh
    1. Network Configuration: Use this option to configure Network Settings. Note that, VM should be able to lookup domain when network is configured.
    2. Domain Information configuration: Using this option you can enter your domain information.
    3. Joining host to Domain: once Network is configured and domain information entered, you can join Radius to your active directory domain using this option.
    4. Add New Radius Client: you can use this option if you want to add a NAS to acceptto radius.
    5. Acceptto Authentication Factor: choose authentication factor (username/email)
    6. Acceptto Deployment Method:
      1. Select Two-Factor authentication if you want to verify user passwords and authenticate against Acceptto.
      2. Select Second-Factor-Only, if you want to authenticate only with Acceptto. (user passwords will not be verified in this mode)
Create RADIUS Active Directory Binding User
  1. On Active directory server, press Start+Win key, and enter dsa.msc to start the Active Directory Users and Computers console.
  2. Click the domain name that you created, and then expand the contents.
  3. Right-click Users, point to New, and then click User.
  4. Type the first name, last name, and user logon name of the new user, and then click Next.
  5. Type a new password, confirm the password, and then click to select following check boxes:
    1. User cannot change password
    2. Password never expires
  6. Click next and review the information that you provided, and if everything is correct, click Finish.
Delegate join privileges to AD Binding User
  1. Open Active Directory User and Computers and select your domain root in the navigation tree.
  2. In the navigation tree, select your domain root. From the Action menu, choose Delegate Control.
  3. On the Delegation of Control Wizard page, choose Next, and then choose Add.
  4. In the Select Users, Computers, or Groups box, type newly created username and choose OK. If more than one object is found, select the user created above. Choose Next.
  5. On the Tasks to Delegate page, choose Join a computer to the domain checkbox from Delegate the following common tasks, and then choose Next.
  6. Verify the information on the Completing the Delegation of Control Wizard page and choose Finish.
Create Acceptto AD group. Members of this group will be protected by Acceptto
  1. Open Active Directory User and Computers and select your domain root in the navigation tree
  2. In the console tree, right-click the folder in which you want to add a new group.
  3. Click New, and then click Group.
  4. Type the name of the new group.
  5. In the New Object - Group dialog box, do the following:
    1. In Group scope, click Global scope.
    2. In Group type, click Security.
  6. Click Finish.
Add Users to Acceptto Active Directory group
  1. Open Active Directory User and Computers and select your domain root in the navigation tree
  2. In the console tree, click the folder that contains the Acceptto group.
  3. In the details pane, right-click the group, and then click Properties.
  4. On the Members tab, click Add.
  5. n Enter the object names to select, type the name of the user or group that you want to authenticate using Acceptto, and then click OK.
Support

If you require assistance, please email us at support@acceptto.com