ADFS 3.0 integration - RADIUS


This guide describes how you can integrate Buypass Code in Microsoft ADFS to activate 2-factor authentication for Office365 and other applications. Buypass offers a small integration packet that works as a custom authentication provider in ADFS to require a Buypass Code OTP for users signing in.

Technical requirements

Software requirements

  • Windows 2012 R2
  • .NET 4.5
  • An installed and configured Buypass Code Service Connector (See Service_Connector_8.0.3_installationGuide)
  • Office365 has been setup for SSO to an on-premise ADFS server and has working SSO based on user’s existing AD password

Network connectivity

  • The ADFS integration packet needs to communicate with the Service Connector via Radius (default port 1812)

Integration setup

Buypass Code Manager configuration

Login to Buypass Code manager and create a new radius configuration. The IP-address should be the IP of the ADFS server.

For more information about Radius configuration, see Radius klienter

Installation and configuration of Buypass Code ADFS integration

  1. Download Buypass_Code_ADFS_3_0_Integration.exe from Buypass Ekstranett.
  2. Make sure you Active Directory Federation Service is running
  3. Run Buypass_Code_ADFS_3_0_Integration.exe on the ADFS server

  4. Click next

  5. Enter configurations, table bellow describes parameters


    Configuration parameterDescription
    Service Connector IPIP address of the service connector
    Service Connector portPort that the Service Connector is configured to listen to. Default is 1812
    RetriesThe number of times to send Radius access request to the Service Connector if no response
    TimeoutTime in milliseconds between Radius access request retries
    Shared secretThe shared secret that is configured in Buypass Code Manager
    NAS-IdentifierOptional Radius attribute to be used to differentiate between Radius clients
    NAS-IP-AddressOptional Radius attribute to be used to differentiate between Radius clients
    Normalize user nameCheck if user names should be normalized (e.g. "oott@bpcodedemo.no” and ”bplab01\oott” will be normalized to "oott")
    Display Radius response messageCheck if it is desired that error messages containing more information should be displayed to the user in case of Access Reject message from Buypass
    Debug loggingCheck to activate debug logging to be used while configuring or debugging the setup
    Debug log file dirPath for log file
  6. The Redundant Service Connector parameters are optional and should be entered if you a second Service Connector is used for redundancy.
  7. Click next
  8. Click install
  9. Check the "Restart ADFS Service" check box and click Finish

  10. In the ADFS Management view, open "Edit Global Multi-factor Authentication..."

  11. Buypass Code should be visible as an additional authentication method

  12. Check the Buypass Code option and click Apply

  13. Restart the ADFS Service
  14. The installation of Buypass Code ADFS integration is now complete and after the user has entered credentials another view will be displayed and require a Buypass Code OTP before the user is authenticated.


Change configuration

  1. To change configurations for an existing installation, start the installer again.
  2. The installer will load the settings from ADFS. (If you get an error saying that a script failed, try starting the installer again.)
  3. Click Next

  4. Click Change

  5. Make the configuration changes and click Next

  6. Click install

  7. Check the Restart ADFS service check box and click Finish

  8. The new configurations have been loaded into ADFS



Innhold