Starling Two-Factor Authentication Hosted - AD FS Adapter Administrator Guide

Overview

One Identity Starling Two-Factor AD FS Adapter integrates with Microsoft Active Directory Federation Services (AD FS) to add two-factor authentication to services using browser-based federated logins. Starling Two-Factor AD FS Adapter supports relying parties that use Microsoft WS-Federation protocol such as Office 365, as well as SAML 2.0 federated logins for cloud applications such as Google Apps and Salesforce.com. Starling Two-Factor AD FS Adapter supports Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

AD FS Adapter adds multi-factor authentication (MFA) that provides a two-factor authentication prompt to web-based logins through AD FS server or Web Application Proxy. After completing the primary AD FS server authentication, using standard methods such as Windows Integrated or Forms-Based, complete Starling Two-Factor authentication before getting redirected to the relying party. If the deployment is in an AD FS farm, install AD FS Adapter on all AD FS servers in the farm.

Figure 1: AD FS Adapter deployment overview

 

 

After the installation of AD FS Adapter on the AD FS servers in the farm, while configuring the multi-factor authentication policies, select the MFA location (Internal access or External access or both as per the requirement). If you require two-factor authentication for External access locations, a Web Application Proxy is required and you do not have to install AD FS Adapter on the Web Application Proxy server.

AD FS Adapter Network diagram

 

The following diagram gives an overview of how AD FS Adapter functions with Starling Two-Factor Authentication to provide two-factor authentication to the relying parties.

Installing Starling Two-Factor AD FS Adapter

The following sections brief about the prerequisites and the steps to download and install the latest version of the Starling Two-Factor AD FS Adapter.

 

Prerequisites for installation

Before installing AD FS Adapter, verify the following on the system:

  • Microsoft .NET Framework 4.6.2 or later is installed

  • PowerShell 4.0 or later is installed

  • AD FS role is installed

  • AD FS service is running
  • The federated logins to the relying parties are working

  • A valid phone number and email address are configured in the Active Directory for the user

Herramientas de autoservicio
Base de conocimientos
Notificaciones y alertas
Suporte de productos
Descargas de software
Documentación técnica
Foros de usuarios
Tutoriales en video
Comuníquese con nosotros
Obtenga asistencia con las licencias
Soporte Técnico
Ver todos
Documentos relacionados