This section provides the procedure that you must follow to configure Defender AD FS Adapter.
To configure Defender AD FS Adapter
|
NOTE: Configuration is required for all installations of AD FS servers in the farm. |
The dialog box looks similar to the following:
Enabling LDAP over SSL enables communication with the Active Directory server.
|
NOTE: Enabling LDAP over SSL is required for all installations of AD FS servers in the farm. |
To enable LDAP over SSL for communicating with Active Directory server
On a computer where Defender AD FS Adapter is installed, create the following value in the "HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Defender\AD FS Adapter" registry key using the Registry Editor:
This section provides information on the configuration of AD FS Multi-factor Authentication on the operating systems listed below.
To configure AD FS Multi-factor Authentication
Navigate to AD FS | Authentication Policies, and click Edit Global Multi-factor Authentication. Alternatively, under Multi-factor Authentication | Global Settings section, click Edit.
In the Edit Global Authentication Policy window, click Multi-factor.
In Users/Groups section, click Add and select a domain for MFA (for example, Domain Users).
|
NOTE: The Users or the Groups must be a member of Defender Access Node. |
In the Location section, select Extranet and/or Intranet check boxes depending on the required type of connection.
For example, if you always require two-factor authentication, select both Extranet and Intranet when configuring the multi-factor authentication policy. If you want to enforce two-factor authentication for external users, and if you have configured your network such that external users communicate with an AD FS Web Application Proxy while internal users communicate with the Identity Provider, select only Extranet.
Select One Identity Defender AD FS Adapter authentication method to enable multi-factor authentication using Defender.
|
NOTE: In an advanced multi-factor scenario, you can select Intranet and/or Extranet for each user or for each relying party. For more information, see the Microsoft’s TechNet article Overview: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center