MFA für Active Directory

Zuletzt aktualisiert am 30. Juli 2024

MFA für Active Directory ist eine zusätzliche Sicherheitsstufe, bei der Active Directory-Benutzer zwei Authentifizierungsfaktoren angeben müssen, um Zugang zu einem VPN, einer Anwendung oder einem Dienst zu erhalten. Beim ersten Faktor muss der Benutzer seinen Active Directory-Benutzernamen und sein Kennwort eingeben. Nach Abschluss des ersten Faktors durchläuft der Benutzer eine sekundäre Authentifizierung mit einer der verfügbaren Authentifizierungsmethoden, z. B. Mobile Push oder WebAuthn/U2F Security Key. Wenn beide Faktoren erfüllt sind, erhält der Benutzer Zugriff auf die Ressource. MFA für Active Directory verhindert, dass Hacker Zugriff auf Ressourcen erhalten, selbst wenn sie die Active Directory-Anmeldedaten des Benutzers kennen.

Rublon Shields Your On-Premise Active Directory Users

Throughout the years, user management systems have been a key component of every workforce, and on-premise Active Directory, or on-prem AD for short, has become one of the most popular identity providers (IdPs) around the globe. Rublon integrates with almost any external identity provider, from FreeRADIUS, through OpenLDAP and FreeIPA, to on-prem Active Directory, to enable powerful Multi-Factor Authentication and comfortable Single Sign-On for all your users.

Active Directory (on-prem AD) can be used as an external identity provider in the Rublon Access Gateway (which uses the SAML protocol) and Rublon Authentication Proxy (which uses the RADIUS protocol). You can use both of the preceding Rublon products to integrate with hundreds of applications, from VPNs like MikroTik to cloud apps, to Jira, WordPress, Linux, Awingu, and more. In addition to that, you can also set on-premise Active Directory as your authentication source for a set of Microsoft products like Windows Logon and RDP and Remote Desktop Service (Remote Desktop Gateway, or RD Gateway for short, and Remote Desktop Web Access, or RD Web for short). If you have your users in on-prem Active Directory and would like to introduce strong Multi-Factor Authentication in your company, then Rublon’s got you covered.

Active Directory with Windows Logon and Remote Desktop

If you are using on-premise Active Directory as your identity provider and are looking for MFA for Windows Logon and RDP or Remote Desktop Services, then Rublon is the way to go.

Rublon secures your Windows Logons and protects your Remote Desktop Logins.

Every time a user logs in to a machine protected by Rublon MFA, Rublon checks the user’s login and password against the data in on-premise AD. If credentials are correct, Rublon will send a Mobile Push authentication request to the user’s mobile device or perform another available second-factor authentication method.

Active Directory With SAML Compatible Applications

The Rublon Access Gateway is a web application that allows you to introduce Rublon MFA to every application compatible with the SAML protocol. Rublon Access Gateway works with all popular identity providers, including on-prem AD.

If you wish to enable Rublon MFA for applications or VPNs such as Cisco AnyConnect, Citrix Gateway, Freshdesk, GitHub, Kemp, Office 365, OpenVPN Cloud, Pulse Connect Secure, and hundreds more, then all you have to do is provide some basic Active Directory information in the Authentication Source tab in Rublon Access Gateway. Simply provide essential information like server address, server port, search base and attributes, and voilà – you’re good to go!

Rublon Access Gateway supports the following methods of authentication:

• Mobile Push
• WebAuthn/U2F Security Key
• Mobile Passcode (TOTP)
• SMS Passcode
• Email Link
• QR Code

A wide range of possible authentication methods gives both you and your users a choice in how users will be authenticated. Administrators can log in to the Rublon Admin Console and select which methods of authentication should be activated. When a user undergoes Multi-Factor Authentication, they can choose from authentication methods activated by the administrator. Therefore, it is possible to deactivate some methods of authentication depending on your needs and requirements. Moreover, you can assign different sets of authentication methods to different applications thanks to the all-powerful Rublon Policies.

Rublon Access Gateway is by far the best choice for enabling Multi-Factor Authentication for SAML applications if you are using on-prem AD as your identity provider.

How to enable MFA for SAML compatible applications (Active Directory)

Active Directory With RADIUS Compatible Applications

The Rublon Authentication Proxy is an on-premises RADIUS proxy server that empowers you to enable Rublon MFA for virtually any service compatible with the RADIUS protocol. While not all applications support the SAML protocol, those who do not, most often support the RADIUS protocol instead. Rublon supports both RADIUS and SAML to cover all types of applications and ensure you can introduce Multi-Factor Authentication to all your applications, VPNs, and services.

The Rublon Authentication Proxy supports several popular identity providers, including but not limited to on-prem AD.

Rublon Authentication Proxy supports the following methods of authentication:

• Mobile Push
• Mobile Passcode (TOTP)
• Email Links
• SMS Link

If your on-prem  Active Directory users sign in to applications that can be integrated using the RADIUS protocol, Rublon Authentication Proxy is a first-rate choice if you would like to introduce robust Multi-Factor Authentication to their login experience.

How to enable MFA for RADIUS compatible applications (Active Directory)

Related Posts

Rublon for SAML applications (Rublon Access Gateway)

Rublon for RADIUS applications (Rublon Authentication Proxy)

Rublon for Windows Logon and RDP – Documentation

Rublon for Remote Desktop Gateway – Documentation

Rublon for Remote Desktop Web Access – Documentation