Multi Factor Authentication Providers
SecureMFA ADFS OTP Provider
OTP authentication for Microsoft ADFS. It is a module for Microsoft ADFS 2022, ADFS 2019 or ADFS 2016 servers. It enables ADFS servers to provide multi-factor authentication (MFA) using a Time-Based One-Time Password (TOTP) algorithm based on RFC6238. Using this MFA provider, users must enter a one-time passcode generated on their phones via authenticator applications like Microsoft Authenticator, Google Authenticator, Symantec VIP, etc., to complete second-factor authentication logon.
Product details and information on how to deploy the latest SecureMFA Time-Based One-Time Passcode provider for ADFS
Features
OTP passcodes for unlimited user accounts.
OTP user accounts deactivation
OTP data storage in MS SQL service
Self-registration with QR code (using free Microsoft Authenticator, Google Authenticator, Symantec VIP etc. mobile apps)
Logs in Windows Applications Log
ADFS 2016 / ADFS 2019 / ADFS 2022 support
Support of ADFS CSS themes
OTP data storage in MS Active Directory attributes or MS SQL Service
OTP account lockout feature.
OTP validity length can be customised
OTP Setup Bypass feature
Time skew support for OTP clients
QR secrets encryption with AES 256-bit encryption.
Configuration of network locations (IPv4 and IPv6) from which users can scan the QR code.
Offline QR code generator (Integrated into adapter)
QR code customizations. (Advanced configuration)
User interface customizations
Free version notes are removed
Support of ADDS multi-forests trust relationships
Requirements
Users must deploy the solution on each of the ADFS servers (not on Proxy Servers).
Requires MS Framework 4.6.1 or later.
SecureMFA ADFS API OTP Provider
OTP authentication for Microsoft Active Directory Federation Service (ADFS). It enables ADFS servers to provide multi-factor authentication (MFA) using a Time-Based One-Time Password (TOTP) algorithm based on RFC6238. Using this MFA provider, users must enter a one-time passcode to complete a second-factor authentication login process. The OTP code is delivered via a 3rd party provider’s API Gateway endpoint using HTTP POST. Managed API Gateway services are provided by vendors like Amazon (AWS SNS), Microsoft (Azure API Management) etc.
Product details and information on how to deploy the latest SecureMFA API OTP Provider for ADFS
Features
OTP passcodes for unlimited user accounts
OTP codes delivery via 3rd party provider’s API endpoint (Message delivery with: SMS, E-MAIL, Phone etc.)
OTP user accounts deactivation
Logs in Windows Applications Log
ADFS 2016 / ADFS 2019 / ADFS 2022 support
Proxy configuration
Support of ADFS CSS themes
OTP data storage in MS SQL service
OTP data storage in MS Active Directory attributes
OTP account lockout
Send API parameters in a message body
API Custom AD attributes in POST message
Customization for POST data values when sending into API endpoint
Authentication against API endpoint
QR code encryption with AES 256-bit encryption
User interface customizations
Free version notes are removed
Support of ADDS multi-forests trust relationships
Requirements
Users must deploy the solution on each of the ADFS servers (not on Proxy Servers).
Requires MS Framework 4.6.1 or later.
SecureMFA ADFS Email OTP Provider
OTP authentication for Microsoft Active Directory Federation Service (ADFS). It enables ADFS servers to provide multi-factor authentication (MFA) using a Time-Based One-Time Password (TOTP) algorithm based on RFC6238. Using this MFA provider, users must enter a one-time passcode to complete a second-factor authentication login process. The OTP code is delivered using an SMTP service.
Product details and information on how to deploy the latest SecureMFA Email Time Based OTP Provider for ADFS
Features
Multi-language UI: English, Spanish, French, German, Chinese, Portuguese, Russian, Italian, Arabic, Turkish, Dutch, Finnish, Swedish, Norwegian, Polish, Danish and Lithuanian.
OTP passcodes for unlimited user accounts
OTP codes delivery using SMTP service
OTP user accounts deactivation
OTP data storage in MS SQL service
Logs in Windows Applications Log
ADFS 2016 / ADFS 2019 / ADFS 2022 support
Support of ADFS CSS themes
OTP data storage in MS Active Directory attributes or MS SQL Service
OTP account lockout
OTP validity length can be customised
SSL and user authentication support for SMTP service
Secrets encryption with AES 256-bit encryption
Domain restrictions to receive OTP codes
User interface customizations
Free version notes are removed
Requirements
Users must deploy the solution on each of the ADFS servers (not on Proxy Servers).
Requires MS Framework 4.6.1 or later.
SecureMFA ADFS Threat Detection Module
Threat Detection Module for Microsoft Active Directory Federation Service (ADFS). The module allows or blocks user authentication requests at the point where the user provides the credentials but before AD FS evaluates them. The module leverages the user risk level determined by Azure AD Identity Protection to block or allow authentication for the user based on the user’s risk score. It also allows blocking authentication requests from risky IPs when AD FS receives the authentication request, before the user enters credentials. Once registered with AD FS, the module runs inline with the AD FS authentication process.
Product details and information on how to deploy the latest SecureMFA Threat Detection Module
Features
User risk assessment for unlimited user accounts using Azure Identity Protection risk scores.
Performance optimised API queries for Azure Identity Protection lookups.
Block or allow requests received from extranet IPs (multiple network ranges)
Block or allow requests received from intranet IPs (multiple network ranges)
Logs in Windows Applications Log
ADFS 2019 / ADFS 2022 support
Proxy configuration for Azure API requests
Support of ADFS CSS themes
Requirements (When using user risk assessment feature with Azure Identity Protection)
AD FS 2019 or later
Synchronize AD (on-prem) users with Azure AD using synchronization tools such as Azure AD Connect
Azure AD Premium P2 license to be able to call riskyUser API (https://graph.microsoft.com/beta/riskyUsers)
Configure additional authentication method for AD FS such as “SecureMFA OTP”
.NET Framework 4.7.2 and above
SecureMFA RD Gateway OTP Provider
RD Gateway MFA provider. It is an OTP authentication module for Microsoft Remote Desktop Gateway servers (Windows 2022 / 2019 / 2016). It provides multi-factor authentication for RDS Farms and Remote Desktop Service access using a Time-Based One-Time Password (TOTP) algorithm. TOTP algorithm details can be found in RFC6238. Using this MFA provider, users must enter a one-time passcode generated on their phones via authenticator applications like Microsoft Authenticator, Google Authenticator, Symantec VIP, etc., to complete second-factor authentication logon. This module fully replaces native RD Gateway Connection Authorization Policies (CAP) with OTP codes and fully integrates with native RD Gateway Resource Authorization Policies (RAP) for access and control management. More details on how the RD Gateway API works can be found in the MSDN article.
Product details and information on how to deploy the latest SecureMFA RD Gateway OTP Authentication Provider for Microsoft RD Gateway Service
Features
OTP passcodes for unlimited user accounts
OTP account lockout
QR code secrets encryption with AES 256-bit encryption
OTP data storage in MS SQL service
OTP user accounts deactivation
Integrates with native Microsoft RD Gateway resource authorization policies (RAP)
Logs in Windows Applications Log
Supported on Windows 2016 / 2019 / 2022 servers
Web portal that allows initiating an RDP connection from a web browser
Requirements
The solution must be deployed on a working RD Gateway server.
Requires MS Framework 4.6.1 or later.
Limitations
You cannot configure an RD Gateway server to use both native authentication and the SecureMFA RD Gateway OTP authentication provider at the same time.
SecureMFA MS Windows OTP Provider
SecureMFA WIN Authentication Provider wraps TOTP authentication onto the native Windows authentication provider. It prompts users to enter a one-time passcode generated on their phones via authenticator applications like Microsoft Authenticator, Google Authenticator, Symantec VIP, etc., as a second factor in addition to their Windows password. The Windows MFA provider works with standalone and domain-joined workstations or servers. The provider is developed using the Windows authentication plug-in architecture.
Product details and information on how to deploy the latest SecureMFA WIN OTP Authentication Provider for Windows
Features
TOTP code validation for unlimited user accounts
TOTP API message decryption with custom AES 256-bit encryption key.
“Change Password” link to Self-service password portal (SSPR) URL.
Header authentication against API endpoint.
API response message protection against replay or tampering.
TOTP Offline authentication.
TOTP account lockout feature.
Requirements
SecureMFA WIN Authentication Provider supports Windows x64 platforms only.
Minimum server OS version is Windows 2016
Minimum client OS version is Windows 10
Self-service password reset portal (SSPR with MFA)
The self-service password reset portal allows users to reset, change and unlock Active Directory accounts. The portal enforces multi-factor authentication to verify a user’s identity. Users must enter a one-time passcode, which is generated on their phones via authenticator applications like Microsoft Authenticator, Google Authenticator, Symantec VIP, etc. Second-factor authentication will be the user’s password challenge or an authorization token received via email. The portal supports role-based access controls (RBAC) and multiple domain profiles.
Product details and information on how to deploy the latest SecureMFA SSPR Portal
Features
Password unlock/change/reset for unlimited Active Directory user accounts.
Active Directory access via integrated authentication or LDAP.
Multiple LDAP servers for resilient configuration.
Multiple profiles to access unlimited domains.
Password Change/Reset honors Active Directory password history and complexity policies.
Role-based access to unlock/change/reset workflows.
Multi factor authentication.
TOTP authentication is used for first factor authentication.
OTP account deactivation.
OTP account lockout feature.
OTP data storage in MS Active Directory attributes or MS SQL Service.
OTP account secrets encryption with AES 256-bit encryption.
Active Directory user password challenge for second factor authentication.
Email Authorization code for password reset workflow.
Unlimited email authorization codes.
Email authorization codes validity length customization.
Configuration of a whitelist of domains allowed to receive authorization codes.
Configuration of subnets from which unlock/change/reset workflows can be executed.
Logs in Windows Applications Log.
UI branding using a CSS theme and logo image.
API interface.
Requirements
IIS 10 or above.
OS with Windows x64 architecture.
ASP.NET Core 3.1 Runtime (minimum v3.1.10).