Configure MFA with Active Directory

Estimated reading: 2 minutes 317 views

Preparing Active Directory & VG for MFA

  1. Update User Information: Ensure that user accounts in Active Directory are up-to-date with current email addresses and cellphone numbers. This information is essential for MFA mechanisms like OTP (One-Time Password) via email or SMS.
  2. Organizational Units and Groups: Organize users within Active Directory into appropriate Organizational Units (OUs) and groups based on their roles and access needs. This organization aids in managing MFA policies more effectively.
  3. Security Permissions: Verify that Visual-Guard has the necessary permissions to read user information from Active Directory. This may involve configuring service accounts with specific read privileges.

Below are the steps to configure Active Directory with MFA (Multifactor Authentication)

Step 1: Go to Settings –> Domains –> Click on Edit, Change the setting of Email Address and Mobile to “Both” so that the user can enroll on any of the verification methods


Step 2: Once you click Ok, you will get a notification to restart the product so that your changes are reflected for the domain.


Step 3: Go to Modules –> VGWindows –> Configure –> Change the synchronization between Visual Guard and Active Directory to Both


Step 4: Once you click Ok, you will get a notification to restart the product so that your changes are reflected for the module.