Configure MFA with Active Directory

Configuring Multi-Factor Authentication (MFA) with Active Directory (AD) is a crucial step for organizations looking to enhance their security posture by adding an additional layer of authentication beyond just usernames and passwords. Visual-Guard, with its robust security framework, leverages information synchronized from Active Directory, such as email addresses and cellphone numbers, to facilitate MFA processes. This introduction outlines the essential steps and considerations for integrating MFA with Active Directory using Visual-Guard, ensuring a seamless and secure authentication experience.

Preparing Active Directory & VG for MFA

1. Update User Information: Ensure that user accounts in Active Directory are up-to-date with current email addresses and cellphone numbers. This information is essential for MFA mechanisms like OTP (One-Time Password) via email or SMS.
2. Organizational Units and Groups: Organize users within Active Directory into appropriate Organizational Units (OUs) and groups based on their roles and access needs. This organization aids in managing MFA policies more effectively.
3. Security Permissions: Verify that Visual-Guard has the necessary permissions to read user information from Active Directory. This may involve configuring service accounts with specific read privileges.

Below are the steps to configure Active Directory with MFA (Multifactor Authentication)

Step 1: Go to Settings –> Domains –> Click on Edit, Change the setting of Email Address and Mobile to “Both” so that the user can enroll on any of the verification methods

Step 2: Once you click Ok, you will get a notification to restart the product so that your changes are reflected for the domain.

Step 3: Go to Modules –> VGWindows –> Configure –> Change the synchronization between Visual Guard and Active Directory to Both

Step 4: Once you click Ok, you will get a notification to restart the product so that your changes are reflected for the module.