2FA for Windows Logon
2FA for ADFS (Active Directory Federation Services)
GreenRADIUS 2FA for ADFS enables customers to enforce two-factor authentication for any application or resource integrated with Microsoft’s ADFS. Such applications can be internal websites and resouces or external ones such as Google G-Suite, Office 365, Slack, Concur, and any other site that supports SAML 2.0. YubiKeys, Google Authenticator, and our Green Rocket 2FA mobile app can be used as tokens.
The GreenRADIUS premium OATH Module enables use of OATH ready Tokens/Smartphone Apps (such as Google Authenticator) in addition to YubiKeys. A user may have both a YubiKey and Google Authenticator active at the same time, and the user can choose which to use for authentication. Some firewalls/VPN devices with artificial password length limitations (such as WatchGuard) currently do not support YubiKeys in standard mode due to password length limitations. By programming the YubiKeys to use OATH mode or adding additional OATH tokens/apps, these users and organzations can be protected with strong 2FA via GreenRADIUS.
The Green Rocket 2FA mobile app is available for Android and iPhone. Users receive a push notification upon a login and simply tap Approve on our app to complete the login. Our mobile app will work for all integrations with GreenRADIUS, including VPN, Windows logon, Linux servers, and websites.
The GreenRADIUS premium PIN Module enables organizations to use a PIN instead of a LDAP password as the first factor. The PIN is stored and managed in the GreenRADIUS server. This is useful for those organizations or customers that do not want to use LDAP passwords for RADIUS integrations, but still want to have a PIN for the first factor.
The GreenRADIUS premium LDAP Module enables 2FA use with systems/products that require LDAP authentication but do not natively support 2FA. Some FIPS 140-2 enabled products limit the use of the RADIUS protocol (such as Palo Alto Networks firewalls), and in these cases, direct support for LDAP authentication is required in order to support 2FA. Note that Active Directory and other user directories are supported “out of the box” in GreenRADIUS, so that organizations can always use their network credentials as the first factor. The LDAP Module allows support for another authentication protocol in addition to the built-in RADIUS one.
Reporting GreenRADIUS Security Issues
To report any GreenRADIUS security issues, please contact your account manager or email us at firstname.lastname@example.org. Do not include specific details of the security issue in an email. Instead, we will provide a secure way to communicate.