SS Technology Forum

Computer Migration - Things to Consider

Here are a few points which you can consider while doing computer migration. These points are applicable to all migrations irrespective of the migration tool (ADMT, NetIQ, Quest etc)

Active Directory User Migration

Here is a graphical representation of the high level steps involved in an Active Directory migration using ADMT

User Migration and Merging Using Quest Migration Manager

Pre-creating user account in the target domain is a common scenario these days due to single-sign-on solution, HR management procedure etc

Microsoft Right Management Service (RMS)

Rights Management Service (RMS) is an add-on to many RMS aware applications. In this article my main focus is to explain how we can utilize RMS technology with Exchange 2003 and how we can take advantage of RMS technology to increase the email security

Microsoft ISA Server

I am sure we have all either encountered or heard of this "problem" one time or another if the ISA Server is part of the Active Directory Domain. Is it a problem?

Thursday, October 20, 2016

Windows Server 2016–Active Directory–Part1

  1. Part1 - Windows Server 2016 – Active Directory
  2. Part 2 - Windows Server 2016 – Active Directory – Temporary Group Memberships
As you know, the latest version of Windows Server - Windows Server 2016 - is currently available. It is available in Azure as well, as I mentioned here. You can read “what is new with Windows Server 2016” in this Microsoft article here. In general, Windows Server 2016 provides:
  • Added layers of security - Enhance security and reduce risk with multiple layers of built-in protection.
  • New deployment options - Increase availability and reduce resource usage with the lightweight Nano Server.
  • Built-in containers - Develop and manage with agility thanks to Windows Server and Hyper-V containers.
  • Cost-efficient storage - Build highly available, scalable software-defined storage and reduce costs.
  • Innovative networking - Software-defined networking to automate with cloud-like efficiency.
I am not going into the details of Windows Server 2016 or its capabilities here. You can read all of that information at the above-mentioned URL. My plan is to start a new blog series on Windows Server 2016 and Active Directory functionality. To begin, I will add a new Windows Server 2016 server to my existing Active Directory 2012 domain and promote it as an additional domain controller. The domain promotion process is very similar to previous versions of Windows.
There is an upgrade to the Active Directory schema. The schema can be upgraded during the domain promotion process. The new schema version, or objectVersion number, is 87. Some additional information is included here in my TechNet wiki article. You can verify this by using ADSI Edit, DSQuery or PowerShell commands.
Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
dsquery * CN=Schema,CN=Configuration,DC=labanddemo,DC=com -scope base -attr objectVersion
As a reference, I have provided the following table that lists the Active Directory Schema and the corresponding Object Version:
Active Directory       Object Version
Windows 2000           13
Windows 2003           30
Windows 2003 R2        31
Windows 2008           44
Windows 2008 R2        47
Windows 8 Beta         52
Windows 2012           56
Windows 2012 R2        69
Windows Server 2016    87

***ObjectVersion 39 - Please refer to http://blogs.technet.com/b/askds/archive/2011/07/15/friday-mail-sack-peevish-nediquette-edition.aspx
Anyway, we can start this journey with DC promotion process. The following section provides step-by-step instructions.
  1. Join the computer to your existing Active Directory domain.
  2. Click OK on the Welcome window and restart the server. After the reboot, this server will be a member server in your existing Active Directory domain. By default, this server will be in the Computers container.
  3. Log in to the server using domain credentials (domain\username). You need to have proper permissions to upgrade the schema and add an additional domain controller.
  4. The next step is to add the AD DS server role to your new Windows Server 2016 server. Open Server Manager and select the Add Roles and Features option.
  5. Click Next on the Before you begin window.
  6. Select the Role-based or Feature-based installation option. Click Next.
  7. On the Select Destination Server window, select your local Windows Server 2016 server. Click Next.
  8. From the Server Roles option, select Active Directory Domain Services. Accept the additional role feature requirements. Click Add Features.
  9. Click Next on the Select Features window.
  10. Click Next on the Active Directory Domain Services window.
  11. Select the Install option to begin the AD DS role installation process.
  12. Now you have installed the AD DS role on your new Windows Server 2016 server. The next step is to add an additional domain controller for your existing domain. As the results screen shows, you need to perform some configuration and post-deployment tasks to complete this. Click Close.
  13. From Server Manager, select the Promote this server to a domain controller option. This will initiate the DCPROMO (Yes. I still like this word!) process.
  14. You have 3 options:
    1. Add a domain controller for an existing domain
    2. Add a new domain to an existing forest
    3. Add a new forest
    For this exercise, select the first option - Add a domain controller for an existing domain. If you have only one domain and this new server is part of that domain, the default domain name will be listed in the Domain column. Provide a domain credential with proper permission to perform these tasks. If the currently logged-in user doesn’t have sufficient permission, you can select the Change option to enter a new credential.
  15. From the Domain Controller Options window, select the appropriate options for your environment. In my scenario, I will be selecting:
    • Domain Name System (DNS) server
    • Global Catalog (GC)
    Provide a password for Directory Services Restore Mode (DSRM). Click Next.
  16. Click Next on the DNS Options window.
  17. On the Additional Options window, select the appropriate AD data replication option. I will be selecting the Any Domain Controller option for this exercise. Click Next.
  18. From the Paths window, select the appropriate paths for the AD database and log files. Click Next.
  19. The next section will perform:
    • Forest and schema preparation for Windows Server 2016.
    • Domain preparation for Windows Server 2016.
    Click Next to continue.
  20. Click Next to continue and begin the Prerequisites Check.
  21. Verify the Prerequisites Check result. Click Next to start the domain controller promotion process.
  22. I have included the common Prerequisites warning information for your reference here.
    • Windows Server 2016 domain controllers have a default for the security setting named "Allow cryptography algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security channel sessions. For more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751).
    • This computer has at least one physical network adapter that does not have static IP address(es) assigned to its IP Properties. If both IPv4 and IPv6 are enabled for a network adapter, both IPv4 and IPv6 static IP addresses should be assigned to both IPv4 and IPv6 Properties of the physical network adapter. Such static IP address(es) assignment should be done to all the physical network adapters for reliable Domain Name System (DNS) operation.
    • A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "labanddemo.com". Otherwise, no action is required.
  23. Reboot the server after completing the DCPROMO process. After the restart, the new Windows Server 2016 server will be an additional domain controller in your existing domain. The schema will be upgraded to Windows Server 2016.
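The same promotion can be scripted with the ADDSDeployment cmdlets. The following is an added example, not part of the original post, that mirrors the wizard choices above (DNS server, Global Catalog, replication from any domain controller) and reads the DSRM password as a SecureString. The domain name labanddemo.com comes from the post; the paths are the Windows defaults and are assumptions for this lab.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated Windows PowerShell session on the joined member server.

# Steps 4-11: install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Step 14: a domain credential allowed to extend the schema and add a DC.
$cred = Get-Credential -Message 'Domain credential (domain\username)'

# Step 15: read the DSRM password as a SecureString so it never appears in
# the script file or in the console history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'

$params = @{
    DomainName                    = 'labanddemo.com'     # domain used in the post
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true                # step 15: DNS server
    NoGlobalCatalog               = $false               # step 15: keep the GC role
    DatabasePath                  = 'C:\Windows\NTDS'    # step 18 (default path, assumed)
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}
# Step 17: leaving out -ReplicationSourceDC selects "Any domain controller".

# Steps 20-21: run the prerequisites check without changing anything.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Message, Context, Status

if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisites check failed; review the messages above.'
}

# Steps 19 and 23: forest, schema and domain preparation run as part of the
# promotion, and the server reboots as a domain controller when it finishes.
Install-ADDSDomainController @params -Force

# After the reboot, confirm the schema version with the command from the post:
# Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
```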
I believe this is good for Part 1 of this blog series. In Part 2, my plan is to focus more on Active Directory related functionality. Please post a comment here if you would like to see a particular topic in this blog series.

Wednesday, October 5, 2016

Microsoft Advanced Threat Analytics (ATA) - Attack Simulation and Demo

Microsoft Advanced Threat Analytics (ATA) is a user and entity behavior analytics solution to identify and protect organizations from advanced targeted attacks (APTs). You can read more information about Microsoft Advanced Threat Analytics (ATA) here. The purpose of this blog is to provide a few methods which can be used to simulate and demonstrate some of the basic attacks for demo and testing purposes.
Suspicious Activity Simulation #1 – ATA Gateway Stopped Communicating
We will start with the most obvious one – an ATA communication issue. In this scenario, I am using the ATA Lightweight Gateway (LWGW). In this case, the Microsoft Advanced Threat Analytics Gateway (ATAGateway) service should be running on the domain controllers.
To simulate this scenario,
  1. Identify all Domain Controllers in the forest/domain. You can use the following DSQUERY command to get all DCs from the domain.
    • DsQuery Server -Forest
  2. Stop the ATAGateway service remotely.
    • Here are a few scripts - Script1 or Script2 or Script3 – if you want to take a script-based approach
    • Or we can use a simple SC command – SC \\Lab-DC01 stop ATAGateway
You will receive the following high alert – ATA Gateway Stopped Communicating – in Health Center.
Suspicious Activity Simulation #2 – Honey Token Account Activities
In general, Honey Token accounts are non-interactive accounts. These can be dummy accounts used to detect malicious activities.
To simulate this scenario,
  1. Create two user accounts in Active Directory (ATA-Test1 and ATA-Test2)
  2. Add ATA-Test2 to the Domain Admins group
  3. Get the SIDs of ATA-Test1 and ATA-Test2 using the PowerShell or DSQUERY command
    • dsquery * -filter "(samaccountname=ata-test1)" -attr objectsid (Reference)
    • Get-ADUser Ata-test1 -Properties objectSID (Reference)
  4. Add these SIDs as Honeytoken accounts (ATA Console –> Configuration –> Detection –> Honeytoken Account SIDs). Save the configuration.
  5. Establish an interactive logon session using these accounts. You can RDP into a machine using these accounts.
Honey Token accounts (non-sensitive)
You will receive the following alert/email with recommended actions in the ATA console.
Honey Token accounts (Sensitive)
Since the ATA-Test2 account is a domain admin account, you will receive the same alert with "Sensitive (S)" indicating that this account is a highly privileged account in Active Directory.
Suspicious Activity Simulation #3 – Massive Object Deletion
Bulk object deletion can be a suspicious activity in an Active Directory environment. ATA can alert you based on massive object deletion activities.
To simulate this scenario,
  1. Create a few users in Active Directory. Here is a sample PowerShell script which you can use to create test accounts in Active Directory:
    Clear-Host
    Import-Module ActiveDirectory
    # Lab-only password shared by every test account
    $pass = ConvertTo-SecureString "MyPassword0!" -AsPlainText -Force
    for ($i = 0; $i -lt 100; $i++)
    {
        $accountname = "Test-Account$i"
        Write-Host "Creating $accountname" -NoNewline
        # New-ADUser creates the account disabled; the target OU must already exist
        New-ADUser -SamAccountName $accountname -Name $accountname -OtherAttributes @{'description'="ATA Test User Account"} -Path "OU=Test Accounts,OU=User Accounts,DC=labanddemo,DC=com"
        # -Reset sets the password without prompting for the old one
        Set-ADAccountPassword -Identity $accountname -Reset -NewPassword $pass
        Write-Host "...Done"
    }
  2. Make sure ATA has "learned" about these accounts.
  3. Delete these accounts from Active Directory.
You will receive the Massive Object Deletion alert in the ATA console right away.
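The same signal can be measured directly from the directory. The following added example (not from the original post, and not how ATA itself detects this) counts the objects deleted within a look-back window and groups them by the container they were deleted from; the one-hour window and the threshold of 50 are assumptions to tune per environment.

```powershell
# Added example: tally recent deletions recorded in the Deleted Objects container.
# Reading deleted objects needs elevated rights (Domain Admins by default).
Import-Module ActiveDirectory

$window    = New-TimeSpan -Hours 1   # assumed look-back window
$threshold = 50                      # assumed alerting threshold
$since     = (Get-Date) - $window

# Deleted objects keep isDeleted, whenChanged and lastKnownParent.
# The "Deleted Objects" container itself is also flagged isDeleted, so skip it.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
        -IncludeDeletedObjects -Properties whenChanged, lastKnownParent |
    Where-Object { $_.whenChanged -ge $since }

# Where were the objects deleted from? A single OU losing many objects at once
# matches the pattern simulated above.
$byParent = $deleted |
    Group-Object -Property lastKnownParent |
    Sort-Object -Property Count -Descending |
    Select-Object Count, @{ Name = 'DeletedFrom'; Expression = { $_.Name } }

$byParent | Format-Table -AutoSize

$total = @($deleted).Count
if ($total -ge $threshold) {
    # Security event 5141 (directory service object deleted) on the DCs shows who
    # performed the deletions when Directory Service Changes auditing is enabled.
    Write-Warning "$total objects deleted since $since - review who performed the deletions."
}
```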
Suspicious Activity Simulation #4 – Reconnaissance using DNS
The DNS or name resolution information in a network is useful reconnaissance information. In general, DNS data contains a list of all the servers and workstations and the mapping to their IP addresses. Verifying this information may provide attackers with a detailed view of the environment, allowing them to focus their efforts on the relevant entities.
For this simulation, the plan is to perform a DNS zone lookup using the NSLOOKUP LS command.
To simulate this scenario,
  1. Log on to a remote server.
  2. Open Command Prompt and run the NSLOOKUP command
  3. From the NSLOOKUP window, run the LS command to list the DNS zone
You will receive the following Reconnaissance using DNS alert in the ATA console.
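The LS command only returns data when the DNS server answers a zone transfer request. As an added example (not part of the original post), this audit lists the transfer setting of each primary zone on a DNS server so that zones open to any host stand out; the server name Lab-DC01 is borrowed from the SC command earlier in the post and is an assumption here.

```powershell
# Added example: report zone-transfer settings on a Windows DNS server.
Import-Module DnsServer

$dnsServer = 'Lab-DC01'   # assumed: a domain controller running the DNS Server role

$report = Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, IsDsIntegrated, SecureSecondaries,
        @{ Name = 'AllowedSecondaries'; Expression = { $_.SecondaryServers -join ', ' } },
        @{ Name = 'Finding'; Expression = {
            switch ("$($_.SecureSecondaries)") {
                'TransferAnyServer' { 'OPEN: any host can list the zone' }
                'NoTransfer'        { 'OK: transfers disabled' }
                default             { 'Restricted: verify the allowed servers' }
            }
        } }

$report | Sort-Object -Property Finding -Descending | Format-Table -AutoSize

# To close an open zone (zone name shown is the post's lab domain):
# Set-DnsServerPrimaryZone -ComputerName $dnsServer -Name 'labanddemo.com' -SecureSecondaries NoTransfer
```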

Tuesday, July 5, 2016

Configuring Deepnet Security SafeID OATH Token with Microsoft Azure MFA Server

Related Blogs:

Configuring YubiKey / Yubico OATH Token with Microsoft Azure MFA Server - http://portal.sivarajan.com/2016/06/configuring-yubikey-yubico-oath-token.html

Azure MFA with pGina and Local Authentication - http://portal.sivarajan.com/2015/09/azure-mfa-with-pgina.html

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

Microsoft Azure MFA on-premises server supports time-based OATH (OATH-TOTP) third-party tokens. This is an alternative to using the Azure Authenticator mobile app as an OATH token. You can see other MFA authentication options in my Azure MFA Server–Authentication Types (Part I) and Azure MFA Server–Authentication Types (Part II) blogs. The OATH tokens can be added or imported prior to being associated with a user. Administrators can associate users and tokens in the Multi-Factor Authentication Server or the User Portal. Users can associate themselves with an OATH token during User Portal enrollment or by using the OATH Token menu option when the User Portal is configured to provide this functionality. A bulk token import and configuration is also supported by MFA Server. An administrator can import OATH token records from an input file. The secret keys must be in Base32 format.

This blog provides step-by-step instructions for configuring a Deepnet SafeID OATH token with Microsoft Azure MFA Server. I am using DeepNet Security's SafeID Classic model for this testing. You can review the different token models and details on their website.

Requirements:

The following are the prerequisites to complete this configuration.

  1. Microsoft Azure MFA on-premises server
  2. Deepnet SafeID hardware
  3. Secret Key for your DeepNet SafeID.  You will receive an email with Secret Key after the purchase. 

Review the following Azure MFA Server Authentication Types  blog if you are not familiar with authentication configuration in Azure MFA Server:

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

Azure MFA Server – Configuration for third Party OATH

The first step in this process is to add third-party OATH tokens in Azure MFA Server. You can either add these tokens individually or perform a bulk import using an input file.

To add an OATH token,

  1. Log on to your MFA application server. Open the Multi-Factor Authentication Server UI and select the OATH Token icon.
  2. Click the Add option in the OATH Token window.
  3. Enter your token details:
    1. Serial Number – Required. Enter the serial number of your SafeID. This will be on the back of the token, or in the email you received from DeepNet.
    2. Secret Key – Required. This is the Secret Key (Base32). You have to receive this information from DeepNet; you will receive an email from Deepnet with the Secret Key after the purchase.
    3. Manufacturer – Optional. Enter DeepNet Security as the manufacturer.
    4. Model – Optional. Enter SafeID as the model type.
    5. Start date – Optional
    6. Expiration date – Optional
    7. Time interval – Required. Select 60 seconds.
    8. Username: Associate a user with this OATH token. You can manually enter the username or use the Select User option to identify a user.
    9. Click OK to complete. The Synchronize OATH Token dialog will prompt for the current OATH code to synchronize the OATH token and verify the configuration.
    10. Enter the current code from the DeepNet SafeID in the Synchronize OATH Token window to complete the token configuration in MFA Server. Click OK.

Note1: MFA Server validates the OATH code against the OATH token secret key and synchronizes the OATH token's time if they are valid. If they are not valid, you will see an error message.

Note2: Azure Multi-Factor Authentication Server supports bulk import of token records by using an input CSV file.   The file must be in a supported format and may be partially or fully encrypted with a password. 

Sample Input File

To perform a bulk import,


Note3: You may receive the following error message when you click on the Import button. There is an update/hotfix for this issue.

Unhandled exception has occurred in your application.  If you click Continue, the application will ignore this error and attempt to continue.  If you click Quit, the application will close immediately. 

Could not load file or assembly ‘PfPskcClr, Version=0.0.0.0, Culture=neutral, PublicKey Token=null’ or one of its dependencies.  A strongly-named assembly is required.  (Exception from HRRESULT:0X8013100)


Azure MFA Server – End User Validation Using DeepNet SafeID OATH Token

The final step in this process is to validate the DeepNet SafeID configuration and authentication experience from an end user perspective. 

To configure OATH token as the authentication type for an end user:

  1. From the Multi-Factor Authentication Server UI, select the Users icon.
  2. From the right pane, open the user properties by double-clicking the user object.
  3. This will open the User Properties / Edit User window. Make sure that OATH Token is selected as the authentication type for this test user.
  4. To validate this configuration, select our test user object and, from the bottom of the window, select the Test option.
  5. The user will be prompted for first/primary authentication using a user name and password. Enter the user name and password for the user, then click Test.
  6. Then it will prompt you for the secondary authentication. In this scenario, it is the OATH code.
  7. Get the current OATH code from your DeepNet SafeID.
  8. Enter the current code in the OATH Code window in the MFA application. Click OK.
  9. You will see the authentication status/result.

Monday, June 27, 2016

Configuring YubiKey / Yubico OATH Token with Microsoft Azure MFA Server

Related blogs:

Configuring Deepnet Security SafeID OATH Token with Microsoft Azure MFA Server  - http://portal.sivarajan.com/2016/07/configuring-deepnet-security-safeid.html

Azure MFA with pGina and Local Authentication - http://portal.sivarajan.com/2015/09/azure-mfa-with-pgina.html

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

Microsoft Azure MFA on-premises server supports time-based OATH (OATH-TOTP) third-party tokens. This is an alternative to using the Azure Authenticator mobile app as an OATH token. You can see other MFA authentication options in my Azure MFA Server–Authentication Types (Part I) and Azure MFA Server–Authentication Types (Part II) blogs. The OATH tokens can be added or imported prior to being associated with a user. Administrators can associate users and tokens in the Multi-Factor Authentication Server or the User Portal. Users can associate themselves with an OATH token during User Portal enrollment or by using the OATH Token menu option when the User Portal is configured to provide this functionality. A bulk token import and configuration is also supported by MFA Server. An administrator can import OATH token records from an input file. The secret keys must be in Base32 format. This blog provides step-by-step instructions for configuring a YubiKey OATH token with Microsoft Azure MFA Server.

Requirements:

The following are the prerequisites to complete this configuration.

  1. Microsoft Azure MFA on-premises server
  2. YubiKey hardware
  3. YubiKey Personalization Tool
  4. YubiCo Authenticator Application

YubiKey Personalization Tool – Installation and Configuration

Microsoft Azure MFA server supports only the OATH TOTP (time-based) tokens.  So you need to make sure that your YubiKey is in Yubico OTP Mode using the YubiKey Personalization Tool. Other configurations are optional for Microsoft Azure MFA server configuration and testing. 

The YubiKey Personalization Tool can be used to program the two configuration slots. Also, it can be used to personalize the YubiKey in the following modes:

  • Yubico OTP
  • OATH-HOTP
  • Static Password
  • Challenge-Response

Download the YubiKey Personalization Tool and run the yubikey-personalization-gui-3.1.24.exe file to complete the tool installation.

  1. Insert the YubiKey into the USB port. You may see the Device Setup window. Complete the driver installation process.
  2. Open the YubiKey Personalization Tool. Make sure:
    1. The YubiKey Personalization Tool has successfully identified your YubiKey.
    2. Yubico OTP is displayed as a supported method in the Features Supported section.
  3. You will see the current OTP configuration in the Yubico OTP tab. I am going to use the default configuration for this testing.

YubiCo Authenticator Application – Installation and Configuration

Download YubiCo Authenticator Application and run yubioath-desktop-3.0.1-win.exe file to complete the application installation. 

  1. Open the Yubico Authenticator application.
  2. From the File menu, select the Add option (File –> Add).
  3. From the New Credential window:
    1. Credential Name – An identifier or a display name for the credential.
    2. Secret Key – This is a Base32 key. Review this if you are not familiar with the supported numbers or characters in Base32 encoding.
    3. Select the Time based (TOTP) option. Microsoft Azure MFA Server supports only OATH TOTP (time-based) tokens.
    4. Number of digits – You can select 6 or 8 digits as the OATH token length.
    5. Require touch – If you select this option, the end user has to touch the YubiKey to generate an OATH token. The user will be prompted with a message.
    6. Click OK to save the configuration.
    7. You will see the newly added account in the Yubico Authenticator window.

Now we have completed the YubiKey account configuration. We can move on to Azure MFA server to configure the OATH token.

Azure MFA Server - Configuration for third Party OATH

Review the following Azure MFA Server Authentication Types  blog if you are not familiar with authentication configuration in Azure MFA Server:

Azure MFA Server –Authentication Types (Part I) - http://portal.sivarajan.com/2016/05/azure-mfa-serverauthentication-type.html

Azure MFA Server –Authentication Types (Part II) - http://portal.sivarajan.com/2016/06/azure-mfa-server-authentication-type.html

To add OATH Token in Azure MFA Server,

  1. Open the Multi-Factor Authentication Server UI and select the OATH Token icon.
  2. Click the Add option in the OATH Token window.
  3. Enter your YubiKey token details:
    1. Serial Number – Required. Enter the YubiKey serial number. This will be on the back of the YubiKey.
    2. Secret Key – Required. This is the Secret Key (Base32) you configured using the Authenticator application.
    3. Manufacturer – Optional. Enter Yubico as the manufacturer.
    4. Model – Optional. Enter your YubiKey model type.
    5. Start date – Optional
    6. Expiration date – Optional
    7. Time interval – Required. You can select the default value of 30 seconds. By default, YubiKey changes the 6-8 digit code every 30 seconds.
    8. Username: Select the user for this OATH token. You can manually enter the username or use the Select User option to identify a user.
    9. Click OK to complete. The Synchronize OATH Token dialog will prompt for the current OATH code to synchronize the OATH token and verify the configuration.
    10. Generate a new OATH code from the Yubico Authenticator app using its button.
    11. Enter this code in the Synchronize OATH Token window to complete the token configuration in MFA Server.

Note1: MFA Server validates the OATH code against the OATH token secret key and synchronizes the OATH token's time if they are valid. If they are not valid, you will see an error message.
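Note1 in both token posts (SafeID with a 60-second interval, YubiKey with 30 seconds) says that MFA Server validates the OATH code against the secret key and synchronizes the token's time. The following added example, which is not code from the original posts or from MFA Server, shows the underlying RFC 6238 calculation and one way a verifier can tolerate and measure clock drift. The function names, the window of 2 time steps and the sample secret (the published RFC 6238 test key) are assumptions.

```powershell
# Added example: OATH-TOTP (RFC 6238) generation and a drift-tolerant check.
# The secret below is the published RFC 6238 test key, not a real token secret.

function ConvertFrom-Base32 {
    param([Parameter(Mandatory)][string]$Text)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'
    $clean  = ($Text -replace '[\s=-]', '').ToUpperInvariant()
    $bytes  = New-Object 'System.Collections.Generic.List[byte]'
    $buffer = 0
    $bits   = 0
    foreach ($ch in $clean.ToCharArray()) {
        $value = $alphabet.IndexOf($ch)
        if ($value -lt 0) { throw "Invalid Base32 character '$ch' in secret key." }
        $buffer = (($buffer -shl 5) -bor $value) -band 0xFFFF
        $bits  += 5
        if ($bits -ge 8) {
            $bits -= 8
            $bytes.Add([byte](($buffer -shr $bits) -band 0xFF))
        }
    }
    return ,$bytes.ToArray()
}

function Get-HotpCode {
    param([byte[]]$Key, [long]$Counter, [int]$Digits = 6)
    $msg = [BitConverter]::GetBytes($Counter)
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($msg) }  # counter is big-endian
    $hmac = New-Object System.Security.Cryptography.HMACSHA1 -ArgumentList (,$Key)
    try     { $hash = $hmac.ComputeHash($msg) }
    finally { $hmac.Dispose() }
    # Dynamic truncation (RFC 4226, section 5.3)
    $o   = $hash[19] -band 0x0F
    $bin = (([int]$hash[$o] -band 0x7F) -shl 24) -bor ([int]$hash[$o + 1] -shl 16) -bor
           ([int]$hash[$o + 2] -shl 8) -bor [int]$hash[$o + 3]
    $code = $bin % [long][math]::Pow(10, $Digits)
    return $code.ToString().PadLeft($Digits, '0')
}

function Get-TotpCode {
    param([string]$Secret, [int]$Interval = 30, [int]$Digits = 6,
          [long]$UnixTime = ([DateTimeOffset]::UtcNow.ToUnixTimeSeconds()))
    $counter = [long][math]::Floor($UnixTime / $Interval)
    Get-HotpCode -Key (ConvertFrom-Base32 $Secret) -Counter $counter -Digits $Digits
}

function Test-TotpCode {
    # Returns the clock drift (in time steps) at which the code matched, or $null.
    # -Window is an assumed tolerance; the posts do not state the one MFA Server uses.
    param([string]$Secret, [string]$Code, [int]$Interval = 30, [int]$Window = 2,
          [long]$UnixTime = ([DateTimeOffset]::UtcNow.ToUnixTimeSeconds()))
    foreach ($drift in (-$Window)..$Window) {
        $t = $UnixTime + ($drift * $Interval)
        $expected = Get-TotpCode -Secret $Secret -Interval $Interval -Digits $Code.Length -UnixTime $t
        if ($expected -eq $Code) { return $drift }
    }
    return $null
}

# --- Constructed sample run ---
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'   # RFC 6238 test key in Base32
$now    = 1467676800                           # fixed sample time (2016-07-05 00:00:00 UTC)

# The same secret and time map to different counters for 30 s and 60 s tokens,
# which is why the Time interval field must match the hardware.
$code30 = Get-TotpCode -Secret $secret -Interval 30 -UnixTime $now
$code60 = Get-TotpCode -Secret $secret -Interval 60 -UnixTime $now
"30-second token: $code30   60-second token: $code60"

# A 60-second token whose clock runs 90 seconds fast still verifies, and the
# returned drift is what a server can store to stay in step with that token.
$fromFastToken = Get-TotpCode -Secret $secret -Interval 60 -UnixTime ($now + 90)
$drift = Test-TotpCode -Secret $secret -Code $fromFastToken -Interval 60 -UnixTime $now
"Fast token accepted at drift: $drift step(s)"

# A malformed secret is rejected before it reaches an import file.
try { ConvertFrom-Base32 'GEZD1NBV' | Out-Null } catch { "Rejected: $($_.Exception.Message)" }
```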

Note2: Azure Multi-Factor Authentication Server supports bulk import of token records by using an input CSV file.   The file must be in a supported format and may be partially or fully encrypted with a password. 

Sample Input File

To perform a bulk import,

  1. Select OATH Token icon and select Import.
  2. Select the input file and click Import.


Note3: You may receive the following error message when you click on the Import button. There is an update/hotfix for this issue.

Unhandled exception has occurred in your application.  If you click Continue, the application will ignore this error and attempt to continue.  If you click Quit, the application will close immediately. 

Could not load file or assembly ‘PfPskcClr, Version=0.0.0.0, Culture=neutral, PublicKey Token=null’ or one of its dependencies.  A strongly-named assembly is required.  (Exception from HRRESULT:0X8013100)


Azure MFA Server – End User Validation Using YubiKey OATH Token

The final step in this process is to validate the YubiKey configuration and authentication experience from an end user perspective. 

To configure OATH token as the authentication type for an end user:

  1. From the Multi-Factor Authentication Server UI, select the Users icon.
  2. From the right pane, open the user properties by double-clicking the user object.
  3. This will open the User Properties / Edit User window. Make sure that OATH Token is selected as the authentication type for this test user.
  4. To validate this configuration, select our test user object and, from the bottom of the window, select the Test option.
  5. The user will be prompted for first/primary authentication using a user name and password. Enter the user name and password for the user, then click Test.
  6. Then it will prompt you for the secondary authentication. In this scenario, it is the OATH code.
  7. To generate a new OATH code, open the Yubico Authenticator app and press its button. The OATH code will be displayed.
  8. Enter the current OATH code in the OATH Code window in the MFA application. Click OK.
  9. You will see the authentication status/result.
