Configure Active Directory Agentless MFA

Prerequisites

  1. Install AD Agent to sync users and service accounts.
  2. Domain-Joined Windows Machines: For Agentless MFA to work, all client machines must be domain joined to your Active Directory (AD) domain.

Step 1: Log in to your tenant admin console

Enter your login details to access the platform.

Step 2: Navigate to Identities in Platform

In the sidebar, open the Identities menu and select Identity Provider, then click the Add Identity Provider button in the top right corner.

Step 3: Enter Active Directory Details

Navigate to the Integrate Active Directory page.

Fill in the required fields to connect to the AD server, such as:

  • Active Directory Name: A friendly name for the AD instance (e.g., adTest).
  • AD IP Address: The private IP address of the AD server.
  • Domain: The domain name (e.g., example.com).
  • Username: AD credentials with appropriate privileges.
  • Search Base for User: Specify the search base for user records (e.g., ou=user,dc=example,dc=com).
  • Search Base for Service Account: Define the search base for service accounts (e.g., ou=serviceaccount,dc=example,dc=com).
  • Select whether SSL is configured (recommended for secure communication).
  • Set the Port number (e.g., 636 for SSL). The default port number for AD is 389.
  • Choose an MFA method for added security. For agentless integration, select Agentless AD MFA.

Step 4: Download the AD Agent

Click the Download button to get the agent installation script (e.g. agent-install.ps1).

Step 5: Copy the Downloaded File

Copy the downloaded file to the machine where you want to set up your AD agent.

Step 6: Install the Agent

On the machine, open PowerShell as an administrator and run the following command:

./ad-agent-install.ps1 -OutputPath C:\authull  

After running the command, navigate to the Identities > Users screen to confirm that the Active Directory users were imported successfully.
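
Before running the installer in Step 6, the prerequisites and the SSL settings from Step 3 can be checked from the same PowerShell session. This is an added example, not part of the product's own tooling; the server name dc01.example.com is a placeholder, and the script path is taken from the command above.

```powershell
# Pre-flight checks for the AD agent host (added example; parameter defaults are placeholders).
param(
    [string]$AdServer   = 'dc01.example.com',       # assumption: DNS name of your AD server
    [int]   $LdapsPort  = 636,                      # SSL port entered in Step 3
    [string]$ScriptPath = '.\ad-agent-install.ps1'  # script copied to this machine in Step 5
)

# 1. Prerequisite: the machine must be joined to the AD domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "This machine is not domain joined (workgroup: $($cs.Workgroup))." }
Write-Host "Domain joined: $($cs.Domain)"

# 2. Step 6 requires an elevated session.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'PowerShell is not running as administrator.'
}

# 3. LDAPS: complete a TLS handshake on the SSL port and show the certificate the server presents.
#    Validation is against the name in $AdServer, so use the name the certificate was issued for;
#    a bare IP address fails the name check unless the certificate lists that IP.
$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($AdServer, $LdapsPort)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($AdServer)   # throws if the chain or the name does not validate
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    Write-Host "LDAPS OK: $($cert.Subject), expires $($cert.NotAfter), protocol $($ssl.SslProtocol)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

# 4. Installer script: report its Authenticode status and SHA-256 so the copy on this machine
#    can be compared with the file as it was downloaded in Step 4.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
Write-Host "Signature status: $($sig.Status)"
Write-Host "SHA256: $((Get-FileHash -Path $ScriptPath -Algorithm SHA256).Hash)"
```

A handshake failure in check 3 means the directory connection configured with SSL in Step 3 would also be unable to validate the server certificate from this machine.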