1 INTRODUCTION
The mPass ADFS agent is a comprehensive solution for enabling Multi-Factor Authentication (MFA) for accessing applications via Microsoft ADFS (Active Directory Federation Services).
1.1 Purpose
The purpose of this document is to help administrators understand the installation and configuration process of the mPass ADFS Configuration Tool.
1.2 Other Reading Suggestions
Administrators are advised to read the document titled ‘mPass Authentication Server Installation Guide’ before reading this document.
2 PRE-REQUISITES
2.1 Software Requirements
2.2 Network Connectivity Requirements
From | To | Ports(default) | Requirement |
ADFS Server | mPass Authentication Server | 443 | Mandatory |
2.3 Other Requirements
The mPass authentication server should be configured and functioning
correctly before proceeding with this installation.
All the applications for which multi-factor authentication is desired should be
configured properly in ADFS prior to installation.
Also, a channel of type OWA/ADFS should be defined in the mPass
authentication server with the IP address of the ADFS server, so that API requests
from the mPass ADFS agent are allowed.
3 MPASS ADFS AGENT SETUP & CONFIGURATION
To begin the installation, ensure that the pre-requisites are in place and that the
executing user has administrator privileges. The following steps will guide you
through the installation and configuration process of the mPass ADFS agent.
3.1 mPass ADFS Agent Installation
Execute the ‘mPass ADFS Configuration Tool Setup.exe’ file.
The following dialog will be displayed. Click the Next button to continue.
Note: Executing this setup will cause ADFS to restart. Restarting ADFS might affect currently
logged in users.
The following window will be displayed. Please read the license agreement
carefully and click “I accept terms in the License Agreement” and then click
Next button.
Now, the following dialog box will be displayed. To begin the installation, click
the Install button.
The installation process will begin and after successful installation, the following
dialog will be displayed and mPass ADFS Configuration Tool will be installed.
Click the Finish button to close the above displayed dialog box.
3.2 mPass ADFS Agent Configuration
This section will explain how to perform configuration of the mPass ADFS
Agent. The mPass ADFS Configuration Tool installed in the previous step can be
opened in the following ways.
• By going to the installation directory
“C:\Program Files\CEREBRA\ADFS\mPass ADFS Configuration Tool” and clicking
mPass ADFS Configuration Tool.exe.
or
• By clicking the Windows icon and searching for mPass ADFS Configuration
Tool.
The following configuration window is displayed on the screen.
Note: The mPass ADFS Configuration Tool is already pre-populated with arbitrary values to
facilitate the user.
The configuration tool has only one section. Details are described below.
3.2.1 Authentication Server Settings
In this section, settings related to the mPass Authentication Server are configured.
Edit the value present in Web Services URL to point to the mPass Authentication
Server. Change the values for Channel and Data Key to those defined in the mPass
Authentication Server. Kindly refer to the mPass Authentication Server
documentation to see how to define a channel.
Once all the changes are done, click “Save”.
If the changes were saved successfully, then a dialog box will appear stating
that the settings were saved successfully (as shown below).
3.3 ADFS Multi-factor Authentication Configuration
This section will explain how to configure multi-factor authentication in ADFS.
1. Open "ADFS Manager" on the ADFS server.
2. Navigate to "Authentication Policies" and right-click it.
3. From the menu shown, select "Edit Global Multi-Factor Authentication."
4. A window showing available multi-factor authentication options will
appear, as shown below.
5. Select "IS Multi-factor Authentication" and click OK.
Note: If "IS Multi-factor Authentication" is not shown in the list, then try to restart the ADFS
service.
Now, navigate to “Per Relying Party Trust” under “Authentication Policies”
and right-click your application and select “Edit Custom Multi-Factor
Authentication,” as seen below.
Configure the multi-factor authentication options as per your organization’s
needs. Click “OK” to close the dialog box.
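The checks below confirm the outcome of sections 2.2 and 3.3 from an elevated PowerShell session on the ADFS server. This is an added example, not part of the vendor's tooling. Assumptions: the host name is a placeholder, and the provider is matched on its AdminName, which is assumed to equal the label shown in ADFS Manager.

```powershell
# Added example (not vendor code): post-install verification on the ADFS server.
param(
    [string]$MPassHost     = 'mpass.example.internal',          # placeholder: your mPass Authentication Server
    [int]   $Port          = 443,                                # default port from section 2.2
    [string]$ProviderLabel = 'IS Multi-factor Authentication'    # assumed to match AdminName
)

$results = [ordered]@{}

# Section 2.2: the ADFS server must reach the mPass Authentication Server on TCP 443.
$tcp = Test-NetConnection -ComputerName $MPassHost -Port $Port -WarningAction SilentlyContinue
$results['mPass server reachable'] = [bool]$tcp.TcpTestSucceeded

# The setup restarts ADFS; confirm the service came back up.
$svc = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
$results['ADFS service running'] = [bool]($svc -and $svc.Status -eq 'Running')

# Section 3.3: the provider must be registered with ADFS ...
$provider = Get-AdfsAuthenticationProvider |
    Where-Object { $_.AdminName -eq $ProviderLabel -or $_.Name -eq $ProviderLabel } |
    Select-Object -First 1
$results['Provider registered'] = [bool]$provider

# ... and selected in the global multi-factor authentication policy.
$policy = Get-AdfsGlobalAuthenticationPolicy
$results['Provider selected globally'] =
    [bool]($provider -and ($policy.AdditionalAuthenticationProvider -contains $provider.Name))

# Relying party trusts with no per-application MFA rule. Global rules may still
# cover them, so treat this list as items to review, not as failures.
$noRule = Get-AdfsRelyingPartyTrust |
    Where-Object { [string]::IsNullOrWhiteSpace($_.AdditionalAuthenticationRules) } |
    Select-Object -ExpandProperty Name

$results.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($noRule) {
    'Relying party trusts without a custom MFA rule:'
    $noRule | ForEach-Object { "  $_" }
}

# Non-zero exit code if any mandatory check failed, for use in scheduled checks.
if ($results.Values -contains $false) { exit 1 }
```

Selecting the provider in the global policy only makes it available; whether a sign-in is actually challenged depends on the global or per relying party multi-factor settings configured above.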
4 APPENDIX
4.1 Abbreviations
Abbreviation | Description |
ADFS | Active Directory Federation Services |
MFA | Multi-factor Authentication |