Last updated on September 1, 2025
MFA for Active Directory is an extra layer of security that requires Active Directory users to provide two authentication factors to gain access to a VPN, application, or service. The first factor involves the user entering their Active Directory username and password. After completing the first factor, the user undergoes secondary authentication using one of the available authentication methods, such as Mobile Push or WebAuthn/U2F Security Key. After completing both factors, the user gains access to the resource. MFA for Active Directory prevents hackers from gaining access to resources even if they know the user’s Active Directory login credentials.
Rublon Shields Your On-Premise Active Directory Users
Throughout the years, user management systems have been a key component of every workforce, and on-premise Active Directory, or on-prem AD for short, has become one of the most popular identity providers (IdPs) around the globe. Rublon integrates with almost any external identity provider, from FreeRADIUS, through OpenLDAP and FreeIPA, to on-prem Active Directory, to enable powerful Multi-Factor Authentication and comfortable Single Sign-On for all your users.
Active Directory (on-prem AD) can be used as an external identity provider in the Rublon Access Gateway (which uses the SAML protocol) and Rublon Authentication Proxy (which uses the RADIUS protocol). You can use both of the preceding Rublon products to integrate with hundreds of applications, from VPNs like MikroTik to cloud apps, to Jira, WordPress, Linux, Awingu, and more. In addition to that, you can also set on-premise Active Directory as your authentication source for a set of Microsoft products like Windows Logon and RDP and Remote Desktop Service (Remote Desktop Gateway, or RD Gateway for short, and Remote Desktop Web Access, or RD Web for short). If you have your users in on-prem Active Directory and would like to introduce strong Multi-Factor Authentication in your company, then Rublon’s got you covered.
Active Directory with Windows Logon and Remote Desktop
If you are using on-premise Active Directory as your identity provider and are looking for MFA for Windows Logon and RDP or Remote Desktop Services, then Rublon is the way to go.
Rublon secures your Windows Logons and protects your Remote Desktop Logins.
Every time a user logs in to a machine protected by Rublon MFA, Rublon checks the user’s login and password against the data in on-premise AD. If credentials are correct, Rublon will send a Mobile Push authentication request to the user’s mobile device or perform another available second-factor authentication method.
Active Directory With SAML Compatible Applications
The Rublon Access Gateway is a web application that allows you to introduce Rublon MFA to every application compatible with the SAML protocol. Rublon Access Gateway works with all popular identity providers, including on-prem AD.
If you wish to enable Rublon MFA for applications or VPNs such as Cisco AnyConnect, Citrix Gateway, Freshdesk, GitHub, Kemp, Office 365, OpenVPN Cloud, Pulse Connect Secure, and hundreds more, then all you have to do is provide some basic Active Directory information in the Authentication Source tab in Rublon Access Gateway. Simply provide essential information like server address, server port, search base and attributes, and voilà – you’re good to go!
Rublon Access Gateway supports the following methods of authentication:
A wide range of possible authentication methods gives both you and your users a choice in how users will be authenticated. Administrators can log in to the Rublon Admin Console and select which methods of authentication should be activated. When a user undergoes Multi-Factor Authentication, they can choose from authentication methods activated by the administrator. Therefore, it is possible to deactivate some methods of authentication depending on your needs and requirements. Moreover, you can assign different sets of authentication methods to different applications thanks to the all-powerful Rublon Policies.
Rublon Access Gateway is by far the best choice for enabling Multi-Factor Authentication for SAML applications if you are using on-prem AD as your identity provider.
How to enable MFA for SAML compatible applications (Active Directory)
Active Directory With RADIUS Compatible Applications
The Rublon Authentication Proxy is an on-premises RADIUS proxy server that empowers you to enable Rublon MFA for virtually any service compatible with the RADIUS protocol. While not all applications support the SAML protocol, those who do not, most often support the RADIUS protocol instead. Rublon supports both RADIUS and SAML to cover all types of applications and ensure you can introduce Multi-Factor Authentication to all your applications, VPNs, and services.
The Rublon Authentication Proxy supports several popular identity providers, including but not limited to on-prem AD.
Rublon Authentication Proxy supports the following methods of authentication:
If your on-prem Active Directory users sign in to applications that can be integrated using the RADIUS protocol, Rublon Authentication Proxy is a first-rate choice if you would like to introduce robust Multi-Factor Authentication to their login experience.
How to enable MFA for RADIUS compatible applications (Active Directory)
Related Posts
Rublon for SAML applications (Rublon Access Gateway)
Rublon for RADIUS applications (Rublon Authentication Proxy)
Rublon for Windows Logon and RDP – Documentation
