ADFS-MFA AGENT İNTEGRATİON

This section includes the agent installation and configuration steps required for integrating the ARK2FA security layer with Active Directory Federation Services (ADFS).

1. Preparation and Transfer of Agent Files

After the FTW (First Time Wizard) setup is complete, the agent files required for integration are located under the "Agent" folder in the directory where ARK2FA is installed.

Step 1: Create a new folder named "Arksoft_ADFS" under the C: drive on the ADFS server.

Important Notice: It is a technical necessity that the folder name is exactly "Arksoft_ADFS".

Step 2: Copy all files inside the "Agent" folder on the ARK2FA server and paste them into this new folder you created on the ADFS server.

2. Configuration (Config) Settings

Step 3: After the copying process is complete, open the config file within the folder using a text editor (Notepad, etc.).

Step 4: Check the webApiUrl parameter within the file. This address must be exactly the same as the special domain address you specified during the ARK2FA installation (Example: https://ark2fa.domain.com).

3. ADFS Authentication Settings (Pre-Configuration)

Step 5: Open the AD FS Management console on the ADFS Server.

Step 6: Follow the path Service > Authentication Methods on the left menu, and click the Edit option on the right.

Step 7: In the opened window, navigate to the "Additional Authentication Methods" tab. Ensure that the selections in this area are as specified in the image below (Uncheck existing selections if necessary).

4. Registering the Agent to the System (PowerShell)

After the configuration files are prepared, the agent must be registered with the ADFS system.

Step 8: Run PowerShell As Administrator on the ADFS server.

Step 9: Type the following command to navigate to the file path:

PowerShell

cd C:\Arksoft_ADFS

Step 10: Copy and paste the entire code block below into the PowerShell window and run it. If a confirmation prompt appears during the process, press Y (Yes) to continue.

PowerShell

# Existing provider is removed if present
Unregister-AdfsAuthenticationProvider "OTP ADFS" -ErrorAction SilentlyContinue

# Registering DLL Files to GAC
$folderPath = "C:\Arksoft_ADFS"
$dllFiles = Get-ChildItem -Path $folderPath -Filter "*.dll"

foreach ($dllFile in $dllFiles) {
    & ".\gacutil.exe" /if $dllFile.FullName
    Write-Output "DLL registered: $($dllFile.FullName)"
}

# Introducing the Agent to ADFS
$typeName = "ADFSCustomAuth.MyAdapter, ADFSCustomAuth, Version=1.0.0.0, Culture=neutral, PublicKeyToken=60a37d017dbd582b, processorArchitecture=MSIL"
Register-AdfsAuthenticationProvider -TypeName $typeName -Name "OTP ADFS"

# Restarting Services
net stop adfssrv
net start adfssrv

Note: If the services do not start via the command line, open the services.msc (Services) console and start the Active Directory Federation Services service manually.

5. Activating the Integration

Step 11: After the services restart, open the AD FS Management console again.

Step 12: Follow the path Service > Authentication Methods > Edit.

Step 13: In the opened list, you will see the "OTP ADFS" (or Ark2FA Authentication) option appear. Check the box for this option and click the OK button.

6. Access Control Policy (MFA Requirement)

As a final step, you need to determine which applications the MFA protection will be enforced for.

Step 14: In the AD FS Management console, navigate to the Relying Party Trusts menu.

Step 15: Right-click on the domain/application where you want to add MFA protection (Example: Outlook on the web) and click the Edit Access Control Policy option.

Step 16: In the opened policy screen:

Click the "Use access control policy" link at the bottom (If it is in the old rule mode).
Select the "Permit everyone and require MFA" option from the list (The selected area in the picture).
Click the Apply and OK buttons to complete the process.

PreviousInitial Login, LDAP Settings, and License Activation NextADFS-ARK2FA ve EXCH Integration Guide

Last updated 23 days ago