Mario Härdi, posted February 1, 2018

Dear Clickstudios,

actually we are installing Passwordstate for our internal services and also for one of our customers. For both installations we would be able to add Azure MFA as an additional authentication option. Actually there are some multi-factor providers available, but we would like to implement it with our existing Azure MFA instead of implementing another third-party authentication.

Is it possible to implement this feature? Hope someone else is also missing this feature.

Thanks in advance and best regards,
Mario

support, posted February 1, 2018

Hi Mario,

We have our One-Time Passwords authentication option you can use for this - can you try this out and let us know if you have any issues? For this, there are two options on the System Settings -> Authentication Options tab:

- Manual AD and One-Time Password
- One-Time Password

If you don't want the 'Manual AD' option, you will need to disable Anonymous Authentication for the site in IIS.

Regards
Click Studios

Mario Härdi, posted February 6, 2018

Hi,

Unfortunately no. With One-Time Password I am not able to implement it with the Azure MFA Service I host on my server. I can't find any option to configure my Azure MFA Servers within Passwordstate. I remember that it was available in a previous version, hope I'm right. :-)

Thanks and best regards,
Mario

support, posted February 6, 2018

Hi Mario,

I've just given this a quick test and the Azure 2FA app on my phone appears to be working well with our software :) Here's what I did:

1. Ensure you have your emergency access password handy just in case you lock yourself out of the system :)
2. Under my own personal preferences, I chose the One Time Password authentication option.
3. Under the One Time Password section, generate a new code and scan it into the app on your phone/tablet.
4. Save and log out.
5. Now when you log in, you should be asked to enter your One-Time Password.

Here's a screen:

Please be aware that if this works for you, you can also set One-Time Password as the default authentication option for everyone under System Settings, or you could alternatively use a User Account Policy to force all users to use this as their authentication method.

Please let us know if this works for you?

Regards,
Support.

iCanHazPassword, posted February 9, 2018

Another option: configure Passwordstate to use Azure as a SAML provider. All logins to Passwordstate will be via Azure AD, which will prompt for MFA if configured. I can confirm this works, I've done it in our environment.

Mario Härdi, posted February 13, 2018

Hi all,

thanks for your support. We will implement it now by using Manual AD and Radius, where Radius is served from the Azure MFA Server which is hosted on premise. Our solution should use the same infrastructure as is already in use; the customer won't use multiple different ways for multifactor authentication, to reduce the complexity. ;-)

Thanks and best regards,
Mario

support, posted February 13, 2018

Thanks Mario

Mario Härdi, posted May 4, 2018

Hi all,

I have a little follow-up to this case. It took some time, but now we tried to implement the Radius authentication with the Azure MFA application.

Configuration:

I also set it as the system-wide default! But now I first get the Active Directory login:

After a successful logon I get the Radius login:

If I enter my credentials now again, I receive my One Time Password from my Azure MFA Server. But I don't get a window to enter the code.

Do you have any suggestion?

Thanks and best regards,
Mario

support, posted May 5, 2018

Hi Mario,

Sorry, but I forgot to mention previously that our RADIUS authentication does now support 2FA in this method - only basic Username and Password authentication.

Regards
Click Studios

Mario Härdi, posted May 8, 2018

Hi,

thanks for that information. :-) How about the chance that you implement 2FA for RADIUS in a future release?

Thanks and best regards,
Mario

support, posted May 8, 2018

Thanks Mario, and yes we will consider this for a future release.

Regards
Click Studios

cwaters, posted May 8, 2018

Other than needing to log in twice, once for AD and once for Radius, you "can" use Azure MFA with an NPS server with the Azure MFA extension installed. You will need to be using the "push" notifications for the Authenticator app, but this does work. I tested it today as a matter of fact.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

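Added example (not part of any post in this thread, and not Click Studios or Microsoft code): a small parser for RADIUS responses that shows what a client must handle for a code-entry second factor. It assumes the MFA server in the May 4 post answered with an RFC 2865 Access-Challenge, which a client limited to username and password cannot prompt for, while an out-of-band push approval ends in a plain Access-Accept. The sample packets are constructed, and the Response Authenticator check is left out.

```python
import struct

# RADIUS packet codes and attribute types from RFC 2865
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_MESSAGE, STATE = 18, 24


def parse_response(packet: bytes) -> dict:
    """Parse the 20-byte header and the type-length-value attributes.
    The Response Authenticator is not verified here; a real client must."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return {"code": CODES.get(code, f"code {code}"), "id": ident, "attrs": attrs}


def next_step(resp: dict) -> str:
    """What a client has to do with each kind of response."""
    if resp["code"] == "Access-Accept":
        return "log the user in"
    if resp["code"] == "Access-Challenge":
        prompt = b"".join(resp["attrs"].get(REPLY_MESSAGE, [])).decode("utf-8", "replace")
        # A 2FA-capable client shows the prompt, then sends a second
        # Access-Request carrying the code and the echoed State attribute.
        return f"prompt: {prompt!r}, echo State: {STATE in resp['attrs']}"
    return "deny the login"


def build(code: int, attrs: list) -> bytes:
    """Build a constructed sample response with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples: a challenge asking for a code, and a plain accept.
CHALLENGE = build(11, [(REPLY_MESSAGE, b"Enter your verification code"), (STATE, b"sess-1")])
ACCEPT = build(2, [])

for pkt in (CHALLENGE, ACCEPT):
    print(next_step(parse_response(pkt)))
```

A client that implements only the accept and reject branches has nowhere to show the challenge prompt, which matches the symptom of a code arriving with no field to enter it.
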
support, posted May 8, 2018

Thanks cwaters - we really appreciate the information

Regards
Click Studios