We are not speaking here of AD FS specifically. Oddly, it appears to be a dev project, requiring some code and its own SQL DB. There is a technet article on how to use google authenticator with Active Directory Federated Services (AD FS): We would like physical login to be as tight as the VPN (and using a similar auth tool). But some tools (like our vpn server), use AD for auth AND support Google Authenticator on top of that. Where We Stand Today: Today, logins to desktop and PCs are via plain jane passwords. this is not about web-oriented OpenID and the like. (We use google authenticator with Amazon AWS, and many other hosted systems - each of those systems has its own user db.) E.g. We are trying to use the google authenticator tool (or authy or any other tool that implements that RFC) to add 2FA to AD itself. Ultimate Dream: With AD boosted by 2FA in this way, other apps we use that use AD as the directory will (we hope) magically get the 2FA benefit.įor clarity: We are not trying to use google (or other) accounts to log into AD. We thought this would be built in to Server 2016, but it appears not to be? ![]() ![]() This path is compelling because it is RFC based, and widely used for internet based apps, and the user base already has it and uses it all the time. ![]() Use Case: 2FA to log in to Active Directory (such as logging into a corporate desktop computer that is on AD)ĭesired Solution: Google Authenticator-style, RFC based MFA system.
0 Comments
Leave a Reply. |