Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393

 
 
 
 
 
Knowledge Base
Active Directory Management » Knowledge Base

How to configure two-factor authentication (TFA) in ADManager Plus

Objective: To configure two-factor authentication (TFA) in ADManager Plus

Solution:

You can configure secure login to the ADManager Plus console by configuring two factor authentication (TFA). If TFA is enabled for ADManager Plus, technicians need to authenticate twice--first by entering their credentials and then by another method as enabled by the admin--to log in to the ADManager Plus console. However, the ADManager Plus default admin account is allowed to skip TFA.

ADManager Plus allows TFA to be performed through authentication services such as Duo Security, Google Authenticator, RSA SecurID, or one time password (OTP) via email.

Steps to configure TFA in ADManager Plus

  1. Logon to ADManager Plus and click the Delegation tab.
  2. Under the Configuration section of the left navigation pane, click on Logon Settings.
  3. Click on the Two Factor Authentication tab.
  4. Enable the Two Factor Authentication is option.
  5. Select any of the following authentication service for TFA:
    1. Duo Security
      • Login to your Duo Security account, and navigate to the Applications section in the left pane.
      • Click on the Protect an Application option.
      • Search for Web SDK and click on Protect this Application.
      • Copy the Integration Key, Secret Key, and API Hostname, and past it in the ADManager Plus console.
      • Click Save.
    2. Google Authenticator
      • Select the Enable Google Authenticator option.
      • Click Save.

        During ADManager Plus login, enter the code generated by the Google Authenticator app in your smartphone, in addition to your user name and password. Click here for more details.

    3. One time password via email

      In order to receive OTP via email, you need to configure the email server settings in the product. For this:

      • Navigate to the Admin tab.
      • Click on the Server option under General Settings.
      • Enter the Admin mail address. Test the settings using the Send Test Mail option
      • Click the Save Changes option.
      • Under the One time password via email section of the Delegation tab, enter the subject of the OTP mail.
      • Enter the content of the email using macros.
      • Click Save.
    4. RSA Authenticator
      • Logon to your RSA admin console (e.g., https://RSA machinename.domain DNS name/sc).
      • Click on Access, click Authentication Agents, and click Add New.
      • Add ADManager Plus server as an authentication agent and click Save.
      • Go to Access, click on Authentication Agents, and click Generate Configuration File.
      • Download AM_Config.zip (Authentication Manager config).
      • Extract sdconf.rec from the zip to <installation-dir>/bin location. If a file named securid exists, copy it too.
      • In the ADManager Plus console, select the Enable RSA Authenticator option.
      • Click Save.

 

Select a language to translate the contents of this web page:

Need further assistance?

Fill this form, and we'll contact you rightaway.

Request Support

  •  
  • *
     
  • *
     
  • *
     
  • By submitting you agree to processing of personal data according to the Privacy Policy.

"Thank you for submitting your request.

Our technical support team will get in touch with you at the earliest."

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting
Highlights AD Management Active Directory Reports Exchange Management Popular products
Email Download Link email-download-top