MFA Guides

RapidIdentity Server

Do not install RapidIdentity Server on the same server running Microsoft SharePoint.

Ensure the RapidIdentity Server host meets or exceeds the minimum requirements listed below.

  • Microsoft® Windows Server 2012 R2 or greater

  • RapidIdentity may be deployed to servers operating as domain controllers or member servers; however, it is not recommended to deploy on a domain controller if possible

  • RapidIdentity may be deployed to physical servers, virtual servers, or both

  • IIS 7.0 or higher

  • Microsoft SQL Server or SQL Express 2014 or higher

  • Dual core Pentium compatible 2GHz processor or faster per core

  • 4GB RAM (8GB if SQL is installed on the same server)

  • .NET Framework 4.7.2 or greater

  • 120 MB of available hard disk space for RapidIdentity Server

  • Ports 80 and 443 (when using SSL) must be allowed through any firewall where communication to RapidIdentity Server is required

  • Ports 2195, 5228, 5229, 5230 and 443 (TCP and UDP) are required for communication when using PingMe

  • Ports 1812 and 1813 (UDP) are required for RADIUS (only needed if installing Network Policy Server (NPS) on the same server, for example, to accommodate OTP to VPN authentication or for a number of other integration points)

  • Ports 1433 is required for SQL Communication

NPS with RADIUS and OTP Authentication

RapidIdentity MFA+ can be leveraged as an authentication method for Virtual Private Networks and other 3rd party applications that can utilize RADIUS authentication with MS-CHAPV2 (Preferred) or PAP protocols.

Below is a diagram of a sample environment that depicts network traffic with MFA+ acting as a RADIUS proxy.

Network_Diagram_-_MFA__OTP_at_Cisco-sm.png

Note

MFA+ Supports One-Time Passwords and Push notifications from the RapidIdentity Mobile applications as well as One-Time Password hard tokens.

Configuring Radius\NPS Support

Prior to configuring Radius\NPS Support, ensure that these three items are present.

  1. Visual C++ Redistributable for Visual Studio 2015, 2017, and 2019 must be installed.

    Important

    This dependency is not installed by the RapidIdentity Server installation process.

  2. Ensure the Network Policy Server (NPS) is installed on the same server as RapidIdentity Server.

  3. NPS should be configured for appropriate policies with whatever Radius clients need to leverage this server for Radius authentication.

The specifics on how to configure NPS along with anything associated with RADIUS are beyond the scope of this installation guide.

Organizations should evaluate internal policies prior to completing the Radius\NPS Support with RapidIdentity Server.

Details on configuring various RADIUS clients can be obtained through Microsoft or Identity Automation Support.

After configuring NPS specific to the organization, follow these four steps to configure Radius\NPS Support in RapidIdentity Server.

  1. Open a Command Prompt window as an Administrator.

  2. Navigate to C:\Program Files\2FA\ONE Server\Tools.

  3. Type Enable_2FA_RADIUS.bat and press ENTER.

    NPS_1.png
  4. Upon completion, the following information will display.

    NPS_2.png

    After enabling the RADIUS.bat file it is necessary to configure NPS to communicate with the organizational VPN software or other third party software in order to use RapidIdentity Server with that solution.