IPDS | MFA | Create

Table of Contents

Creating a New MFA Portal

Creating a New MFA Portal #

MFA Portals can be created and managed through the RELIANOID Web User Interface (WebUI) by navigating to IPDS > MFA > Create MFA.

relianoid multifactor authentication creation panel

When creating a new MFA Portal, the following general fields are required:

Common Configuration Attributes #

MFA Portal Name. Identifier string of the MFA Portal.
MFA Portal Type. Selector for one of the following authentication types:

Active Directory: Authenticates users against a Microsoft Active Directory server using standard username and password credentials.
LDAP: Validates user credentials through a Lightweight Directory Access Protocol (LDAP) directory using configurable query filters.
RADIUS: Uses a RADIUS server to authenticate users based on passwords or tokens, typically for centralized network access control.
Google Captcha v2: Verifies human interaction by requiring users to complete a Google Captcha challenge before accessing the application.
TOTP AD App: Authenticates users via a Time-based One-Time Password (TOTP) generated by an authentication app, using a secret stored in Active Directory.

In the panel, each MFA Portal displays its Status as:

Up (green bullet point)
Down (red bullet point)

Active Directory MFA Portal Attributes #

The Active Directory MFA Portal allows authentication against a Microsoft AD server using an authenticator user account. Configuration fields:

Authentication Server IP or FQDN: IP address or hostname of the AD server.
Authenticator User: Administrator or service account with permission to perform authentication queries.
Authenticator User Password: Password for the authenticator user.
Base DN: Base Distinguished Name (DN) used to query users in the AD server.

LDAP MFA Portal Attributes #

The LDAP MFA Portal allows authentication against an LDAP directory using a defined filter. Configuration fields:

Authentication Server IP or FQDN: IP address or hostname of the LDAP server.
Authenticator User: Administrator or service account for LDAP queries.
Authenticator User Password: Password for the authenticator user.
Base DN: Base Distinguished Name for LDAP queries.
Filter (optional): LDAP filter to restrict user queries.

RADIUS MFA Portal Attributes #

The RADIUS MFA Portal enables authentication against a RADIUS server using a password or token. Configuration fields:

Authentication Server IP or FQDN: IP address or hostname of the RADIUS server.
Authenticator User: RADIUS user with permissions to request authentication.
Authenticator User Password: Password or shared secret used for RADIUS authentication.

Google Captcha v2 MFA Portal Attributes #

The Google Captcha v2 MFA Portal integrates with Google Captcha to verify that the user is a human before granting access. Configuration fields:

Google Captcha SiteKey: Public site key for client-side validation.
(Generated at Google Captcha Admin Console).
Google Captcha SecretKey: Private secret key used for server-side validation.

TOTP AD App MFA Portal Attributes #

The TOTP AD App MFA Portal supports authentication through Time-based One-Time Passwords (TOTP) generated by compatible authenticator applications (e.g., Google Authenticator, Microsoft Authenticator). The TOTP secret is stored securely in an Active Directory attribute. Configuration fields:

Authentication Server IP or FQDN: IP address or hostname of the Active Directory server.
Authenticator User: Administrator or service account with permissions to query user attributes.
Authenticator User Password: Password for the authenticator user.
Base DN: Base Distinguished Name to query users in AD.
AD Secret Attribute: AD attribute where the TOTP secret is stored.
Authentication Issuer: Identifier for the TOTP issuer (displayed in the authentication app).
Code Digits: Number of digits in the TOTP code (default: 6).
Code Timeout in seconds: Time window for TOTP code validity (default: 30 seconds).