Chat now with support
Chat with Support

Starling Two-Factor Authentication Hosted - AD FS Adapter Administrator Guide

Overview

One Identity Starling Two-Factor AD FS Adapter integrates with Microsoft Active Directory Federation Services (AD FS) to add two-factor authentication to services using browser-based federated logins. Starling Two-Factor AD FS Adapter supports relying parties that use Microsoft WS-Federation protocol such as Office 365, as well as SAML 2.0 federated logins for cloud applications such as Google Apps and Salesforce.com. Starling Two-Factor AD FS Adapter supports Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

Starling Two-Factor AD FS Adapter adds multi-factor authentication (MFA) that provides a two-factor authentication prompt to web-based logins through AD FS server or Web Application Proxy. After completing the primary AD FS server authentication, using standard methods such as Windows Integrated or Forms-Based, complete Starling Two-Factor authentication before getting redirected to the relying party. If the deployment is in an AD FS farm, install Starling Two-Factor AD FS Adapter on all AD FS servers in the farm.

Figure 1: Starling Two-Factor AD FS Adapter deployment overview

 

 

After the installation of Starling Two-Factor AD FS Adapter on the AD FS servers in the farm, while configuring the multi-factor authentication policies, select the MFA location (Internal access or External access or both as per the requirement). If you require two-factor authentication for External access locations, a Web Application Proxy is required and you do not have to install Starling Two-Factor AD FS Adapter on the Web Application Proxy server.

AD FS Adapter Network Diagram

Starling Two-Factor AD FS Adapter Network diagram

The following diagram gives an overview of how AD FS Adapter functions with Starling Two-Factor Authentication to provide two-factor authentication to the relying parties.

Installing Starling Two-Factor AD FS Adapter

The following sections brief about the prerequisites and the steps to download and install the latest version of the Starling Two-Factor AD FS Adapter.

Prerequisites for Starling Two-Factor AD FS Adapter installation

Before installing Starling Two-Factor AD FS Adapter, verify the following on the system:

  • Microsoft .NET Framework 4.6.2 or later is installed

  • PowerShell 4.0 or later is installed

  • AD FS role is installed

  • AD FS service is running
  • The federated logins to the relying parties are working

  • A valid phone number and email address are configured in the Active Directory for the user

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents