As in the MIM service, the PAM workflow activity supports MFA. To start this setup, we will need to first create our multi-factor authentication providers. Log in to the Azure portal at https://portal.azure.com:
Once created, navigate to the provider and download the SDK. The SDK is located on the left-hand side of the screen, as you see here:
Then, copy the ZIP file to the PAM/MIM Service server. The ZIP file contains key material used to authenticate to Azure, so keep it secured. Once copied, open the ZIP file, and you will see a pf folder. Open the pf_auth.cs file with Notepad:
Copy LICENSE_KEY, GROUP_KEY, and CERT_PASSWORD to the mfasetting.xml file. If you've kept the default while installing the MIM service, the mfasetting.xml file is located at C:\Program Files\Microsoft Forefront Identity Manager\2010\Service.
Once you have the settings entered and saved, create a folder in the directory called MfaCerts and then copy the p12 cert to this directory from pf...
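
An added example, not from the original text: a PowerShell audit of who can read mfasetting.xml and the MfaCerts folder, since both now hold the key material copied in the steps above. It assumes the default install path given above; the function name Get-BroadReadAce and the list of broad groups are choices made for this example.

```powershell
# Added example: list broad groups that can read the MFA secrets.
# $ServiceDir is the default path named in the text; change it if MIM was installed elsewhere.
$ServiceDir = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Service'
$Targets = @(
    (Join-Path $ServiceDir 'mfasetting.xml'),
    (Join-Path $ServiceDir 'MfaCerts')
)
# Well-known broad groups, matched by SID so the check works on localized Windows builds.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$ReadMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        $canRead = ([int]$ace.FileSystemRights -band $ReadMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid) -and $canRead) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = foreach ($t in $Targets) {
    if (-not (Test-Path -LiteralPath $t)) { Write-Warning "Not found: $t"; continue }
    Get-BroadReadAce -Path $t
    # For the MfaCerts folder, also check each file in it (the p12 cert).
    if ((Get-Item -LiteralPath $t).PSIsContainer) {
        Get-ChildItem -LiteralPath $t -File | ForEach-Object { Get-BroadReadAce -Path $_.FullName }
    }
}
if ($findings) { $findings | Format-Table -AutoSize } else { 'No broad read access found.' }
```

Folders under Program Files normally inherit Read & execute for BUILTIN\Users, so expect findings marked Inherited until the permissions on these two items are restricted to administrators and the MIM service account.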