NetScaler LDAP Authentication with Microsoft MFA Server

Article ID: CTX225246

Description

**Please see the full White Paper in Additional Resources**

Multi-Factor Authentication Server Console

1. Log in to the server where MFA is installed.

2. Open the Apps screen.

3. Click the Multi-Factor Authentication Server icon.

4. The Multi-Factor Authentication Server window opens.

Now you will configure the necessary services.

LDAP Authentication

First you will enable LDAP authentication, and then add the SSL VPN appliance as a client.


1. Click the LDAP Authentication icon.

2. When the LDAP Authentication tool opens, select Enable LDAP Authentication.

3. Select the Clients tab if necessary.

NOTE: Keep track of the port numbers noted for authentication, as you will need them for the SSL VPN appliance configuration. The default is 636 when SSL encryption is used. Unencrypted authentication is outside the scope of this guide.

4. If you are using secure LDAP, click Browse to import the SSL certificate.

5. Click Add to open the Add LDAP Client dialog box.

6. Complete the following:

a. IP address – enter the SSL VPN server address.

b. Application name – enter a descriptive name for the SSL VPN server.

c. Require Multi-Factor Authentication user match – select this option; only users who are included in the MFA Users list will be granted access.

NOTE: This feature provides better control over remote access. If it is not enabled (unchecked), only users who are included in the MFA Users list are required to authenticate with MFA; other domain users are able to authenticate without MFA.

7. Select the Target tab.

8. Confirm that the Target field displays LDAP.

You have completed configuring LDAP authentication and adding the SSL VPN server as an LDAP client, which finishes the MFA server directory service setup. Leave the Multi-Factor Authentication Server window open for the next task.

Administrator Account

The following instructions explain how to configure the MFA administrator account so that it can service LDAP requests without having to complete multi-factor authentication itself. This provides the best balance between security and functionality when the administrator account is used for LDAP requests.

1. Select the Administrator account.

2. Click Edit.

3. Select the General tab if necessary.

4. Clear the Enabled checkbox.

5. Select the Advanced tab.

6. Leave the default settings, except for the following:

a. When user is disabled – select Succeed Authentication.

b. Account is used for LDAP Authentication password changes – select this option to allow end users to change their own passwords.

7. Click Apply.

8. Click Close.
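The steps above cover the MFA Server side only. The matching NetScaler side (described in the white paper, not on this page) is an LDAP action that points at the MFA Server's LDAP port over SSL, so that every bind is proxied through MFA, and that binds with the Administrator account configured above. The following NetScaler CLI is an added example and is not the article's own configuration: the IP address 10.0.0.50, the hostname mfa.example.com, the directory example.com, the action, policy and vserver names, and the 60-second timeout are all assumptions for illustration, and the lines beginning with # are explanatory comments for the reader, not NetScaler CLI.

```text
# Added example, not from the article. Assumed values: MFA Server at 10.0.0.50
# (hostname mfa.example.com), LDAPS on port 636 as noted in the article,
# directory example.com, and an existing VPN vserver named VPN_MFA.

# LDAP action aimed at the MFA Server rather than at a domain controller, so the
# bind cannot bypass MFA. -secType SSL matches port 636 from the NOTE above and
# -validateServerCert YES makes NetScaler check the certificate imported in the
# LDAP Authentication tool (step 4). The bind DN is the Administrator account that
# was disabled with "When user is disabled: Succeed Authentication", so the bind
# itself is never challenged for a second factor. -authTimeout is raised from the
# default of 3 seconds (assumed here to be 60) because the user has to answer the
# MFA call or app prompt before the authentication completes.
add authentication ldapAction LDAP_MFA -serverIP 10.0.0.50 -serverPort 636 -secType SSL -validateServerCert YES -ldapHostname mfa.example.com -ldapBase "dc=example,dc=com" -ldapBindDn "cn=Administrator,cn=Users,dc=example,dc=com" -ldapBindDnPassword "<BIND-PASSWORD-PLACEHOLDER>" -ldapLoginName sAMAccountName -authTimeout 60

# Policy that always applies the action, bound to the VPN vserver.
add authentication ldapPolicy POL_LDAP_MFA ns_true LDAP_MFA
bind vpn vserver VPN_MFA -policy POL_LDAP_MFA -priority 100

# Persist the running configuration.
save ns config
```

Before binding the policy, confirm from the NetScaler that port 636 on the MFA Server answers with the certificate you imported (for example with `openssl s_client -connect mfa.example.com:636`), then test with one user who is in the MFA Users list and one who is not: with "Require Multi-Factor Authentication user match" selected, the second user must be refused, which is the quickest way to verify that the client entry for the NetScaler's IP address is the one actually being matched. A dedicated least-privilege bind account, handled the same way as the Administrator account above (disabled in MFA with Succeed Authentication), is a common substitute for the domain Administrator; the page itself describes the Administrator account.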

Additional Information

https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-advanced-vpn-configurations/