Azure MFA over NPS MFA Extension

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

The MFA extension for NPS is the new way of integration if you dont want to host the MFA self-service onpremise.

NPS is Windows component works as a radius for integration with 3rd party applications/appliances

I just come from integrating this to F5 VPN/Portal witch and not tested by F5 team (while i’m writing this) but it works similar like Citrix, Cisco, Juniper, etc.

The trics to make it working smooth is that you must connect the 3rd party device such as F5 in my case directly to the NPS BackEnd server where you install the MFA extension.

If you use the NPS Proxy and then forward the request to the Backend NPS, it will ask 3 times for authentication !

And keep in mind you just need to add radius authentication after the login page.

Here how F5 is configured : https://devcentral.f5.com/s/articles/heres-how-i-did-it-integrating-azure-mfa-with-the-big-ip-19634

For end user experience : https://www.youtube.com/watch?v=QbDxoLivJWQ

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.