Installing the VIP Integration Module for AD FS
To install the VIP integration module for AD FS:
1. Navigate to Active_Directory_Federation_Services.zip and extract it.
2. Open the Active_Directory_Federation_Services folder, select setup.exe, and run it as administrator.
Configuring VIP Integration Module for AD FS
You must complete the procedures that are described in this section to configure the VIP integration module for AD FS.
Installing Prerequisite Software
You must install and configure the following software before installing the AD FS plug-in:
■ If you are running AD FS 3.0 on Windows 2012 R2 (x64) Server, then you must install Microsoft .NET version 4.5.2. (Download and install from the Microsoft portal.)
Configuring VIP Authentication Service
To configure VIP Authentication Service, follow these steps:
1. After installing the VIP integration module for AD FS, click Finish. The VIP Integration Settings window is displayed.
2. To configure VIP Authentication Service, edit the following fields:
3. To test the authentication service configuration, follow these steps:
■ Click Test Settings.
■ Enter a valid user name and security code. Ensure that the user name that you enter in Test Settings matches exactly with the user name in VIP Cloud or VIP Manager.
■ Click OK.
Configuring AD FS 3.0
This section describes the procedure for enabling multi-factor authentication and protecting AD FS Relying Party Trust for AD FS 3.0.
Enabling Multi-factor Authentication
Complete the following steps to enable multi-factor authentication:
1. Go to Control Panel —> System Security —> Administrative Tools.
2. Open AD FS Management console.
3. In the left navigation pane, click AD FS —> Authentication Policies. The Authentication Policies Overview page is displayed.
4. In the Primary Authentication section, click Edit in the Global Settings option. The Edit Global Authentication Policy page is displayed.
5. For primary authentication, select the authentication method your organization currently uses, for example, Forms Authentication.
6. In the Multi-Factor Authentication section, click Edit in the Global Setting option. The Edit Global Authentication Policy page with the Multi-factor tab is displayed.
Protecting AD FS Relying Party Trust
Complete the following steps to protect Relying Party Trust for any third-party web application:
1. In the left navigation pane, click AD FS —> Authentication Policies. The Authentication Policies Overview page is displayed.
2. Click Per Relying Party Trust and select the relying party you have added (for example, Salesforce or Office 365).
3. Right-click on the relying party and select Edit Custom Primary Authentication.
4. In the Multi-factor tab, select Extranet and Intranet, and click Apply.
Configuring AD FS 4.0
Enabling Multi-factor Authentication
Complete the following steps to enable multi-factor authentication:
1. Go to Control Panel —> System Security —> Administrative Tools.
2. Open the AD FS Management console.
3. In the left navigation pane, click AD FS —> Service —> Authentication method. The Authentication Method Overview page is displayed.
4. In Primary Authentication, click Edit in the Global Settings option. The Edit Global Authentication Policy page is displayed.
5. Click Edit in Multi-factor Authentication Method.
6. In the Edit Authentication Methods window, select the VIP Authentication Provider check box as shown in the following figure.
Protecting AD FS Relying Party Trust
Complete the following steps to protect Relying Party Trust for any third-party web application:
1. In the left navigation pane, click AD FS —> Relying Party Trust.
2. Select the relying party you have added (for example, Salesforce or Office 365).
3. Right-click on the relying party and select Edit Access Control Policy.
4. Under the Access Control Policy tab, select Permit everyone and require MFA, or select Required MFA Policy.
Testing Multi-Factor Authentication with VIP Authentication Provider
Perform the following steps:
1. Access the IdP initiated single sign-on URL. For example, https:///adfs/ls/IdpInitiatedSignOn.aspx.
2. Enter a valid user name and password.
3. Enter a valid security code. You will be redirected to the protected application home page.
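The interactive test above exercises one user and one application. The following read-only PowerShell audit is an added example, not part of the original guide or the VIP product. It lists every relying party trust with the source of its MFA requirement, so that unprotected trusts stand out. The patterns '*VIP*' (provider name) and '*MFA*' (access control policy name) are assumptions; adjust them to the names your server reports.

```powershell
# Added example: read-only audit of the MFA settings configured in this guide.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Assumption: the VIP provider's internal name contains "VIP". Check the output
# of Get-AdfsAuthenticationProvider and adjust the pattern if it differs.
$ProviderPattern = '*VIP*'
# Assumption: policies that enforce MFA have "MFA" in their name, as the
# built-in "Permit everyone and require MFA" policy does.
$PolicyPattern = '*MFA*'

# 1. Is the provider registered, and is it selected as a global MFA method?
$registered = Get-AdfsAuthenticationProvider |
    Where-Object { $_.Name -like $ProviderPattern -or $_.AdminName -like $ProviderPattern }
$selected = @((Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider) -like $ProviderPattern

if (-not $registered) { Write-Warning 'No registered authentication provider matches the pattern.' }
if (-not $selected)   { Write-Warning 'The provider is not selected for multi-factor authentication.' }

# 2. Global additional-authentication rule; when present it is evaluated for every relying party.
$globalRule = (Get-AdfsAdditionalAuthenticationRule).AdditionalAuthenticationRules

# 3. For each relying party trust, report where its MFA requirement comes from.
$report = foreach ($rp in Get-AdfsRelyingPartyTrust) {
    # AccessControlPolicyName exists on AD FS 4.0 only; on AD FS 3.0 it evaluates to $null.
    $policy = $rp.AccessControlPolicyName
    $source = 'NONE'
    if ($policy -like $PolicyPattern) {
        $source = "Access control policy: $policy"
    } elseif ($rp.AdditionalAuthenticationRules) {
        $source = 'Per-relying-party MFA rule'
    } elseif ($globalRule) {
        $source = 'Global MFA rule'
    }
    [pscustomobject]@{
        RelyingParty = $rp.Name
        Enabled      = $rp.Enabled
        MfaSource    = $source
    }
}

# Trusts reported as NONE have no MFA requirement configured.
$report | Sort-Object MfaSource, RelyingParty | Format-Table -AutoSize
```

A rule being present does not prove that it fires for every request, because rules can be conditional (for example, extranet only). Read the rule text for any trust that matters.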