Introduction
This document gives an overview of how Windows Hello for Business (WHFB) 2016 and 2019 can be integrated with Mideye two-factor authentication for ADFS 3.0/4.0. For detailed instructions and support, please contact support@mideye.com.
Prerequisites & general issues
Requirements
A Mideye Server (4.7.2). If there is a firewall between the ADFS server(s) and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). ADFS acts as a RADIUS client towards the Mideye Server. Hence, the ADFS server must be defined as a RADIUS client on the Mideye Server. Refer to the Mideye Server Configuration guide for information on how to define a new RADIUS client.
The Mideye ADFS plugin is required on any Windows Server running ADFS 3.0 or 4.0. ADFS 2.0 is not supported.
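A connectivity check for the RADIUS path described above, as an added example (not Mideye's code): it sends one RFC 2865 Access-Request over UDP 1812 and verifies the Response Authenticator on the reply. The function names, the probe username, and the placeholder address and secret are assumptions; run it from a host that is defined as a RADIUS client on the Mideye Server.

```python
# Added example; function names and the probe username are assumptions.
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def encrypt_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))          # at least one block
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth) -> bytes:
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = b""
    for typ, val in ((1, user.encode()),
                     (2, encrypt_password(password.encode(), secret, req_auth))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def response_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Check MD5(code+id+length+request authenticator+attributes+secret)."""
    length = struct.unpack("!H", reply[2:4])[0] if len(reply) >= 20 else 0
    if not 20 <= length <= len(reply):
        return False
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])

def probe(server: str, secret: bytes, port: int = 1812, timeout: float = 5.0) -> str:
    """Send one request for a non-existent user and classify the outcome."""
    req_auth, ident = os.urandom(16), os.urandom(1)[0]
    packet = build_access_request("radius-probe", "invalid", secret, ident, req_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout, or ICMP port-unreachable surfaced by the OS
            return "no reply: port blocked or sender not defined as a RADIUS client"
    if reply[1:2] != bytes([ident]) or not response_is_authentic(reply, req_auth, secret):
        return "reply failed authenticator check: shared secret mismatch?"
    return CODES.get(reply[0], f"unexpected code {reply[0]}")

if __name__ == "__main__":
    # Placeholder address (TEST-NET-1) and secret; replace with your own values.
    print(probe("192.0.2.10", b"replace-with-shared-secret"))
```

An authenticated Access-Reject for the unknown probe user is the healthy result here: it shows the port is open in both directions and the shared secret matches.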
Supported deployment methods
WHFB with Mideye ADFS two-factor authentication works with the following deployment methods:
- On Premises Key Trust Deployment
- On Premises Certificate Trust Deployment
- Hybrid Azure AD joined Key Trust Deployment
- Hybrid Azure AD joined Certificate Trust Deployment
Installing Mideye MFA module on ADFS servers
Instructions on how to install Mideye two-factor authentication for ADFS can be found here.
Proof of Concept
Once installed and configured, when the WHFB GPO is applied to a user or computer, the following procedure will be presented to the end user:
Contact Mideye support
For further support please contact Mideye support, support@mideye.com, +46854514700.