IPDS | MFA

Knowledge Base

Site Reliability Experience

View Categories

IPDS | MFA

2 min read

Table of Contents

Introduction #

The Multifactor Authentication (MFA) module included in the RELIANOID IPDS subsystem provides an additional layer of security by requiring users to validate their identity through multiple authentication factors before accessing an application or service. MFA significantly enhances protection against unauthorized access by combining different types of credentials — such as passwords, tokens, or CAPTCHA verification — that are much harder to compromise simultaneously.

The RELIANOID MFA module has been designed to be transparent to the real application, which means no changes or modifications are required on the backend application itself. All authentication logic is handled directly by the load balancer, ensuring compatibility with existing infrastructures.

relianoid multifactor authentication list panel

Currently, RELIANOID supports multiple authentication integrations, including:

  • LDAP — Authentication against an LDAP directory service.
  • Active Directory (AD) — Authentication against Microsoft Active Directory servers.
  • RADIUS — Integration with RADIUS authentication servers.
  • Google Captcha v2 — Verification through Google Captcha services to ensure human interaction.
  • Authentication App through TOTP and AD Integration — Validation via a Time-based One-Time Password (TOTP) using secrets stored within Active Directory.

The RELIANOID MFA framework is flexible and extensible, allowing new authentication mechanisms to be integrated in future releases. This modular design ensures that administrators can easily adapt their authentication workflows as security requirements evolve.

How RELIANOID MFA Works #

The RELIANOID load balancer implements MFA through the creation of local authentication portals, also known as MFA portals. Each portal acts as an authentication layer, which can be chained together to create multi-step security workflows.

relianoid MFA 2FA with AD_LDAP and Google Authenticator

When a user attempts to access a protected web application:

1. The request is intercepted and redirected to the first MFA portal.
2. Upon successful authentication, a user session cookie is generated, granting permission to proceed to the next MFA portal in the chain.
3. Each subsequent MFA layer validates the presence and validity of the cookie before authenticating the next factor.
4. Once all MFA layers are successfully passed, the user is granted access to the backend web application.

This chained authentication architecture allows the creation of flexible and highly secure access policies without altering the application logic or requiring integration changes in the backend service.

MFA Portals View #

The MFA Portals View provides an overview of all configured Multifactor Authentication (MFA) portals within the RELIANOID IPDS subsystem. From this view, administrators can review, manage, and control the MFA portals and their assignments to HTTP/S farm services.

This interface lists all created MFA portals, showing their configuration status, assigned farm services, and available management actions. displayed fields are:

Name. A descriptive identifier for the MFA portal. Click the portal name to open the editing form, where configuration details and authentication parameters can be modified.
Farms. Displays the farm services to which the MFA portal is applied.
To sort the list of farms, click the upward arrow next to the FARMS column header. This helps to easily identify which portals are assigned to specific services or review unassigned portals.
Status. Indicates the operational status of the MFA portal, represented by color codes:

  • Green — Enabled: The MFA portal is active and being applied to all assigned farm services.
  • Red — Disabled: The MFA portal is inactive and not affecting any farm services.

Actions. Provides control options to manage the MFA portal’s operational state and lifecycle:

  • Stop — Disables the MFA portal in all farm services where it is currently assigned.
  • Start — Enables the MFA portal in all assigned farm services.
  • Delete — Unassigns the MFA portal from all farm services and permanently removes the MFA configuration.

The MFA Portals View serves as the main management panel for monitoring and controlling authentication workflows across multiple applications and services. From this interface, administrators can quickly identify active portals, ensure proper coverage of security layers, and make configuration adjustments as needed.

📄 Download this document in PDF format #

    EMAIL: *

    Powered by BetterDocs