Readme.txt

QUICK START GUIDE
Full deployment details can be found at https://www.securemfa.com/downloads
 
Before you can register “SecureMfaEmailOtpProvider” in your ADFS farm, you must complete the steps below. All commands must be executed in an elevated PowerShell (PS) command prompt.
 
    1. Deploy the latest “SecureMfaEmailOtpProvider” PowerShell module from Microsoft PSGallery using the PS command below.
 
    Install-Module -Name SecureMFA_EMAIL_OTP -Repository PSGallery -Scope AllUsers
 
    NOTE: If your ADFS server doesn’t have access to the Internet:
    - You can pull the PowerShell module on a Windows client which has Internet access and copy the “C:\Program Files\WindowsPowerShell\Modules\SecureMFA_EMAIL_OTP” folder from the client computer to the ADFS server (same location).
    - You can download the “SecureMFA_EMAIL_OTP” nupkg file manually from the https://www.powershellgallery.com/ website. Rename the nupkg file’s extension to ZIP.
    Unzip the content into a folder named “SecureMFA_EMAIL_OTP” and place it into the default PS Modules location on the server. That will work the same way as pulling the package with native Windows PS tools.
 
    2. Within the “C:\Program Files\WindowsPowerShell\Modules\SecureMFA_EMAIL_OTP” directory, update the “SecureMFAEmailOtpProvider.json” file.
    If you are using a free license you only need to modify the "smtp_server" server settings. If you buy a license to enable all the features, you will need to update the "company" and "serialkey" information to unlock the app.
 
    3. If you need to generate verbose logs in Windows events for troubleshooting, change the verboselog value from “false” to “true”.
    Please note that verbose logging can affect your servers’ performance; use it only for troubleshooting.
    Don’t enable “verboselog” in production environments as it may reveal configuration secrets.
 
    4. Before SecureMfaOtpprovider can be invoked by AD FS, it must be registered in the system with a PowerShell command
    which performs the necessary installation actions, including installation in the GAC and registration in the AD FS farm.
 
    - The PS command below will install the Email OTP authentication provider on the MAIN ADFS node:
     
    Install-SecureMfaEmailOtpProvider
 
    - The PS command below will install the Email OTP authentication provider on OTHER ADFS node(s):
 
    Install-SecureMfaEmailOtpProvider -NotMainNode
 
    NOTE: If you are using a federation server farm that uses Windows Internal Database, you must start the installation using the primary federation server of the farm as the MAIN node.
    Installation needs to be executed on an ADFS farm server (not on web application proxy servers).
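
    ADDED EXAMPLE (not part of the original SecureMFA guide): one way to script the manual nupkg route from the NOTE in step 1 with integrity checks before the files reach the ADFS server's module path. The parameters $NupkgPath and $ExpectedSha256 are assumptions: the hash is one you recorded yourself on the machine that downloaded the package, since this guide does not publish one.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell prompt on the ADFS server.
param(
    [Parameter(Mandatory)] [string] $NupkgPath,       # assumption: path to the copied .nupkg
    [Parameter(Mandatory)] [string] $ExpectedSha256   # assumption: hash recorded at download time
)
$ErrorActionPreference = 'Stop'
$moduleName = 'SecureMFA_EMAIL_OTP'
$target = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$moduleName"

# 1. Stop if the package changed in transit between the download machine and this server.
$actual = (Get-FileHash -LiteralPath $NupkgPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) { throw "SHA256 mismatch, got $actual" }

# 2. Expand-Archive only accepts .zip, so extract a renamed copy into a scratch folder.
$work  = Join-Path $env:TEMP ("{0}_{1}" -f $moduleName, [guid]::NewGuid())
$stage = Join-Path $work 'content'
New-Item -ItemType Directory -Path $work | Out-Null
$zip = Join-Path $work "$moduleName.zip"
Copy-Item -LiteralPath $NupkgPath -Destination $zip
Expand-Archive -LiteralPath $zip -DestinationPath $stage

# 3. Remove NuGet packaging metadata that is not part of the module itself.
foreach ($item in '_rels', 'package', '[Content_Types].xml', "$moduleName.nuspec") {
    $p = Join-Path $stage $item
    if (Test-Path -LiteralPath $p) { Remove-Item -LiteralPath $p -Recurse -Force }
}

# 4. Report Authenticode status of scripts and binaries. Whether the vendor signs
#    these files is not stated in this guide, so only a broken signature is fatal.
$sigs = Get-ChildItem -LiteralPath $stage -Recurse -File |
    Where-Object { $_.Extension -in '.ps1', '.psm1', '.psd1', '.dll' } |
    ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.FullName }
$sigs | Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }, Path |
    Format-Table -AutoSize
if ($sigs.Status -contains 'HashMismatch') { throw 'A signed file was modified after signing.' }

# 5. Never overwrite an existing install: its .json holds the SMTP and license settings.
if (Test-Path -LiteralPath $target) {
    throw "$target already exists. Back up SecureMFAEmailOtpProvider.json and remove the folder first."
}
Copy-Item -LiteralPath $stage -Destination $target -Recurse
Remove-Item -LiteralPath $work -Recurse -Force

# 6. Confirm PowerShell can discover the module from its default location.
Get-Module -ListAvailable -Name $moduleName | Select-Object Name, Version, ModuleBase
```

    Review the signature table before moving on to step 2; files reported as NotSigned are copied but not verified by this script.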