Active Directory Integration

Introduction

Acceptto offers a simple solution for adding Multi-Factor Authentication (MFA) for Active Directory. Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only you know or have access to.

The Acceptto Appliance acts as a bridge between your Active Directory (AD) and the Acceptto backend services for user management, provisioning, MFA, and single sign-on. It also provides RADIUS services for VPN or wireless authentication plans.

Pre-Requisites
  1. An Acceptto Appliance connected to your user directory (for example Microsoft Active DirectoryTM).
  2. A user with administrative privileges for the Acceptto Appliance.
  3. The user population that is going to be authenticated via RADIUS must be enrolled in the It’sMe mobile Application.
  4. A user with administrative privileges for the AD Domain Console.
Connecting the Acceptto Appliance to Active Directory
  1. Login to the Acceptto appliance admin panel with an administrative account and select Active Directory.
  2. In the “Active Directory Configuration” dialog, enter the following values.
  3. Appliance active directory config
    1. Domain controller hostname - a fully qualified domain name (FQDN) or the IP address of one of our domain controllers.
    2. Base DN - the starting point where the Acceptto appliance starts looking for users of Active Directory.
    3. Domain name - your AD domain name.
    4. Username and Password - enter a credential with enough privileges to connect and bind over LDAP. Note that the username must be in userPrincipalName format and have the right to read the user information from AD; otherwise, the LDAP bind attempt will fail.
  4. Click on Save Changes. The Appliance will connect to Active Directory and start provisioning users. Users will start receiving invitations with instructions on how to obtain and download the Acceptto mobile application It’sMe.
Configure the Acceptto Appliance RADIUS interface
  1. Login to the Acceptto Appliance admin panel with an administrative account, select RADIUS and enter the following values.
  2. Radius settings
    • NETBIOS domain - enter the NETBIOS domain name.
    • Assigned Computer Name - Enter the computer name that you want to be created in Active Directory. For example, radius1.
    • REALM - Enter the realm that is appended to your username. Usually, this is your domain name.
    • MFA Active Directory Group - Enter the LDAP group that contains the users that can login via MFA (note that by default users outside of this group will have their access denied).
    • MFA Login message - enter the message that your users are going to see on the It’sMe mobile application.
    • Radius eGuardian UID - enter the UID of Radius application in your eGuardian Admin Panel.
    • Radius eGuardian Secret - enter the Secret of Radius application in your eGuardian Admin Panel.
  3. Click on Save Changes.
Support

If you require assistance, please email us at support@acceptto.com

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. Use of these names, trademarks, and brands does not constitute endorsement by the Acceptto Corporation.

Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.