The purpose of this integration document is to provide guidelines on how to integrate Mideye two-factor authentication with Microsoft Active Directory Federation Service.
Prerequisites & general issues
A Mideye Server (any release). If there is a firewall between the ADFS-server and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). ADFS acts as a RADIUS client towards the Mideye Server. Hence, the ADFS-server must be defined as a RADIUS client on the Mideye Server. Refer to the Mideye Server Configuration guide for information on how to define a new RADIUS client.
Supported ADFS-versions are Windows Server 2012R2, 2016 and 2019.
This guide does not explain how to set up ADFS. Refer to the Microsoft documentation on how to configure ADFS before proceeding with this integration document.
Remove any existing versions of Mideye ADFS module
Before installing a new version of the module, any existing module must be uninstalled. Complete the following steps to remove older versions of the ADFS-module.
Installing the ADFS module
Run the ADFS-package as an administrator.
Enable the module
Open the ADFS management console and navigate to Authentication Method and click edit next to multi factor authentication methods. Enable the MFA-method and click OK.
Navigate to Access control policies and move any relying party to a policy that requires MFA.
Refer to the Mideye Server Configuration guide for how to create a new RADIUS client on the Mideye Server.
On the created RADIUS client, navigate to Client configuration and remove the “Check static password” setting. This check is not necessary, since ADFS has already verified the username and password before it requests the Mideye authentication.
Customise error messages, language and Serverlist
To change language and customise informational / error messages, open Mideye ADFS configuration editor. To customise any field, check the Custom edit button and make any changes followed by Save.
To add/remove/edit the RADIUS-server list open the tab Client settings and check the Custom edit button. Make any changes followed by Save.
If Event Viewer shows error events containing the text "System.AggregateException: One or more errors occurred. ---> System.Exception: Could not connect to regedit", the service account used by ADFS must be added to the local Administrators group on all machines that have the Mideye module installed. For further information please contact Mideye support.
Check if anything is written to the Mideye RADIUS logs
If nothing is logged, verify that udp/1812 is allowed between your ADFS server and Mideye Server. Also, check Event viewer for logs on the ADFS-server.
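The two ADFS-side checks described above (is the ADFS service account a local administrator, and has the "Could not connect to regedit" error been logged), as an added PowerShell example that is not part of the original guide or of Mideye's tooling. It assumes the ADFS service is registered as adfssrv and that the module's errors surface in the AD FS/Admin or Application event logs; both are assumptions to confirm on your own host.

```powershell
# Added diagnostic example (not Mideye's own code). Run in an elevated PowerShell
# session on the ADFS server after enabling the Mideye ADFS module.
# Assumptions: service name 'adfssrv'; errors land in 'AD FS/Admin' or 'Application'.

# 1. Which identity does the ADFS service run as? (e.g. DOMAIN\svc-adfs or a gMSA DOMAIN\gmsa-adfs$)
$svc = Get-CimInstance Win32_Service -Filter "Name='adfssrv'"
if (-not $svc) { throw 'ADFS service (adfssrv) not found on this host.' }
$account = $svc.StartName
Write-Host "ADFS service account: $account"

# 2. Is that account a direct member of the local Administrators group?
#    (Direct membership only; membership inherited through a nested group is not resolved here.)
$member = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -ieq $account }
if ($member) {
    Write-Host 'OK: service account is a member of local Administrators.'
} else {
    Write-Warning "$account is NOT in local Administrators. Add it on every host that has the Mideye module installed."
}

# 3. Has the exception text from the guide been logged in the last 24 hours?
$since = (Get-Date).AddHours(-24)
$hits = foreach ($log in 'AD FS/Admin', 'Application') {
    # Level 2 = Error. Missing logs are skipped silently rather than aborting the check.
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Could not connect to regedit*' }
}
if ($hits) {
    $newest = ($hits | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    Write-Warning ("Found {0} 'Could not connect to regedit' error(s); newest at {1}." -f @($hits).Count, $newest)
} else {
    Write-Host 'OK: no "Could not connect to regedit" errors logged in the last 24 hours.'
}

# Note: Test-NetConnection only probes TCP, so it cannot confirm that udp/1812 is open.
# Verify the firewall rule itself and compare with the Mideye Server RADIUS log as described above.
```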
Contact Mideye support
For further support please contact Mideye support, firstname.lastname@example.org, +46854514750.