locked
Multi-Factor Authentication with on-premise (no Azure) Windows 2016 Server RRS feed

  • Question

  • Is it possible to use an on-premise Windows 2016 Server (without any connectivity to Azure)- through ADFS or some other mechanism - the following method of two-factor (2F) Authentication - in the scenario described below?

    When trying to log-on to a website (e.g. running on IIS, or on Apache HTTP Server, or both), after entering the userID and password, a Push Notification is sent to the user. The user receives this Push Notification by e-mail, or SMS, or some other method, and the user clicks on the link received. That the user clicked on the link from a validated source (e.g. the user’s phone) is now accepted by the website as second factor authenticated, and allowed into the website, without any additional action from the user (i.e. instead of having to enter an OTP received via push notification, the user is validated and successfully logged in based on this mode of second factor). Which tools are best suited, keeping in mind that the majority of the applications may be using Active Directory for user authentication?

    If this is not possible, what are the other possibilities for 2F Authentication - using an on-premise only (no Azure) Windows 2016 Server?

    Assume that it would be nice to set up a group policy for the mode by which the Push Notification is sent to the user – e.g. via e-mail for one group, via SMS for another, via a mobile app for the third group.

    Wednesday, May 16, 2018 8:23 PM