Last updated on March 6th, 2020
Rublon extends Microsoft AD FS by enabling multi-factor authentication for services that are accessible via browser-federated logins.
The Rublon AD FS module supports relying parties that use the following protocols:
- Microsoft’s WS-Federation (e.g. Office 365),
- SAML 2.0 (e.g. Salesforce, Workday).
You can try Rublon for AD FS by starting a free trial of Rublon.
Use the Rublon for AD FS module to enable multi-factor authentication for your intranet and extranet applications. Rublon prompts your users at every login. After completing primary authentication to the AD FS server (by any standard means, such as Windows Integrated or Forms-Based), your users must complete a Rublon authentication challenge before they are redirected back to the relying party.
Installing the Rublon AD FS module
- Register your organization at the Rublon Admin Console.
- Add a new application to your organization’s Rublon Admin Console (type “Other”).
- Collect the new application’s System Token and Secret Key.
Enable Rublon for AD FS Multi-Factor Authentication
- Run PowerShell with administrative privileges
- Unzip the
- Go to the PowerShell console and navigate to the unzipped Rublon module folder
- Run the installation script using the following command:
- Once the installation script starts, it creates a registry entry for the module configuration parameters and asks you for the System Token and Secret Key:
- If the installation was successful, the following message will be shown:
- Restart the AD FS server by using the following commands:
net stop adfssrv
net start adfssrv
- Launch the AD FS management console on your primary internal AD FS server and navigate to AD FS → Service → Authentication Methods
- Click the Edit link under Multi-factor Authentication Methods or click Edit Multi-factor Authentication Methods… action on the right panel
- Check the box next to Rublon for AD FS to enable Rublon and click OK:
- Go to AD FS → Access Control Policies and either edit one of the existing MFA policies to apply it to users or groups, or create a new MFA policy if no predefined policy is sufficient for your organization’s requirements.
- Go to AD FS → Relying Party Trusts, right-click the relying party trust where you want to add Rublon and select Edit Access Control Policy.
- Pick a policy for the relying party that includes MFA and then click OK. The MFA policy immediately applies to the selected relying party.
- Test the new MFA authentication method using the AD FS test login page:
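The installation steps above can also be checked from an elevated PowerShell session on the AD FS server. This is an added example, not part of Rublon's documentation; it uses the standard AD FS cmdlets, and the `*Rublon*` name pattern is an assumption that you should compare with the provider name your server actually reports.

```powershell
# Added example: post-install check for the MFA provider on an AD FS server.
# $ProviderPattern is an assumption; compare it with the output of
# Get-AdfsAuthenticationProvider and adjust if the registered name differs.
param(
    [string]$ProviderPattern = '*Rublon*'
)

Import-Module ADFS -ErrorAction Stop

# 1. The AD FS service must be running again after the restart.
$svc = Get-Service -Name adfssrv
if ($svc.Status -ne 'Running') {
    Write-Warning "adfssrv is $($svc.Status); start it before testing logins."
}

# 2. The installation script should have registered an authentication provider.
$provider = Get-AdfsAuthenticationProvider |
    Where-Object { $_.Name -like $ProviderPattern }
if (-not $provider) {
    throw "No authentication provider matching '$ProviderPattern' is registered."
}

# 3. The provider must be enabled as a multi-factor authentication method
#    (the checkbox under AD FS -> Service -> Authentication Methods).
$enabled = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
foreach ($p in $provider) {
    if ($enabled -contains $p.Name) {
        Write-Output "Enabled as MFA method: $($p.Name)"
    } else {
        Write-Warning "Registered but not enabled as MFA method: $($p.Name)"
    }
}

# 4. List the access control policy assigned to each enabled relying party so
#    you can confirm that every trust you meant to protect uses an MFA policy.
#    An empty AccessControlPolicyName means no access control policy is assigned.
Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Enabled } |
    Sort-Object Name |
    Select-Object Name, AccessControlPolicyName |
    Format-Table -AutoSize
```

A relying party whose policy does not include MFA will still sign users in with primary authentication only, so review the table against the policies you edited in AD FS → Access Control Policies.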
Uninstalling the Rublon AD FS module
- Launch the AD FS management console on your primary internal AD FS server and navigate to AD FS → Service → Authentication Methods.
- Click the Edit link under Multi-factor Authentication Methods or click Edit Multi-factor Authentication Methods… action on the right panel.
- Uncheck the box next to Rublon for AD FS to disable Rublon and click OK:
- Run PowerShell with administrative privileges.
- Go to the PowerShell console and navigate to the Rublon module folder.
- Run the uninstall script:
- Confirm that you want to remove Rublon from the AD FS authentication provider list:
- Restart the AD FS server for changes to take effect.
Reinstalling the Rublon AD FS module
If you’d like to reinstall the Rublon AD FS module, please first uninstall it and then install it again. Please follow the above instructions.
- AD FS connection initiated
- Primary authentication to Active Directory
- AD FS redirects to the Rublon endpoint over TCP using the SSL protocol
- Second factor authentication via Rublon
- AD FS receives authentication response
- AD FS session successfully authenticated