Jump to content

Recommended Posts

Dear Clickstudios,

 

actually we are Installing Passwordstate for our internal Services and also one of our Customer.

For both Installation we would be able to add Azure MFA as an additional Authentication Option. Actually there are some multi-factor provider available, but we would like to Implement it with our Existing Azure MFA instead of Implementing another third-party authentication.

 

Is it Possible to Implement this feature?

 

Hope someone else is also missing this feature.

 

Thanks in Advance and Best regards,

Mario

Link to post
Share on other sites

Hi Mario,

 

We have our One-Time Passwords authentication option you can use for this - can you try this out and let us know if you have any issues?

 

For this, there are two options on the System Settings -> Authentication Options tab:

  • Manual AD and One-Time Password
  • One-Time Password

If you don't want the 'Manual AD' option, you will need to disable Anonymous Authentication for the site in IIS.

 

Regards

Click Studios

Link to post
Share on other sites

Hi Mario,

 

I've just given this a quick test and the Azure 2FA app on my phone appears to be working well with our software:)  Here's what I did:

 

1. Ensure you have your emergency access password handy just in case you lock yourself out of the system:)

2. Under my own personal preferences, I choose the One Time Password authentication option.

3. Under the One Time Password Section, generate a new code and scan it into the app on your phone/tablet

4. Save and logout

5. Now when you log in, you should be asked to enter your One-Time Password

 

Here's a screen:

2018-02-07_7-31-37.png

 

Please be aware if this works for you, you can also set One-Time Password as the default Authentication option for everyone under System Settings, or you could alternatively use a User Account Policy to force all users to use this as their authentication method.  Please let us know if this works for you?

 

Regards,

Support.

Link to post
Share on other sites

Hi All,

 

thanks for your Support.

We will Implement it now by using Manual AD and Radius, where Radius is served from the Azure MFA Server which is hosted on premise.

Our Solution should use the same infrastructure as already is in use, the custumer wan't use multibple different ways for Multifactor Authentication to reduce the comlexity. ;-)

 

Thanks and best regards,

Mario

Link to post
Share on other sites
  • 2 months later...

Hi All,

 

i have al little follow Up to this case.

It tooked some time but now we tried to implement the Radius Authentication wit Azure MFA Application.
 

Configuration:

Radius_2.jpg.8ddfc306786ba1495eea876ca1fe65ea.jpgRadius_1.jpg.0bbb994eefbacd76c20dcf47cdd1987e.jpg

I also set it as System Wide default!

 

But now iget first the Active Directory Login:

Radius_3.jpg.332c682752d4dbec6453ba7526a6f0a6.jpg

After a successfull logon i get the Radius Login:

Radius_4.jpg.1cb31525fd6cc0c79d7b5288d1a1494b.jpg

if i enter my Credentials now again i recieve my One Time Password from my Azure MFA Server.

But i don't get a Window to enter the code.

 

Do you have any Suggestion?

 

Thanks and Best regards,

Mario

 

Link to post
Share on other sites

Other than needing to login twice, once for AD and once for Radius, you "can" use Azure MFA with a NPS server with the Azure MFA extension installed.  You will need to be using the "push" notifications for the Authenticator app but this does work.  I tested it today as a matter of fact.

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

Link to post
Share on other sites
×
×
  • Create New...