ArchiveWeb now supports Multi-factor authentication for O365 user accounts.
To use MFA in ArchiveWeb please follow these steps:
1. Create a new application in Azure portal
2. Configure ArchiveWeb in Archive Manager Configuration Tool
ArchiveWeb requires a specific Azure site to be created, which is used to return the authentication token to ArchiveWeb after a user is authenticated via the Microsoft portal.
1. Sign in to the Azure Management Portal (https://portal.azure.com).
2. Click on Azure Active Directory in the left-side menu (#1).
3. Click on App registration (#2).
4. Click on New application registration (#3).
5. Enter a friendly name for the application (e.g. Metalogix Archive Manager ArchiveWeb).
6. Select Web app / API as the application type.
7. In the Sign-on URL field, enter the URL for ArchiveWeb in your organization (use appropriate http or https), e.g. http://localhost/ArchiveWeb/
8. Click on the Create button.
9. Find your application in the list and click on it.
10. In the Settings tab, click on Keys and generate a secret key.
11. Copy and save the key value. You won't be able to retrieve it after you leave this blade.
12. Click on Properties and define the App ID URI. (Use the tenant name of your Azure AD tenant.)
13. Copy and save the Application ID value.
14. Click on Reply URLs and define the Reply URL as http://localhost/ArchiveWeb/Login/Login (use appropriate http or https). This URL is used to return the authentication token.
15. Click on Required permissions under API ACCESS.
16. Click on Windows Azure Active Directory.
17. Configure and save the permissions as follows:
    NO - for "Access the directory as the signed-in user", "Read all users' basic profiles" and "Sign in and read user profile"
    YES - for all others
18. Click on Grant permissions.
Archive Manager Configuration Tool (PamConfig)
ArchiveWeb has to be configured to use the Azure application created in the previous chapter.
Open Archive Manager Configuration Tool from <installdir>\Program Files (x86)\Common Files\PAM\PAMConfig\PamConfig.exe
1. Click on the ArchiveWeb tab.
2. Click on ArchiveWeb tab / Multi-factor authentication tab and enter the settings from the Azure portal.
3. Click on ArchiveWeb tab / ArchiveWeb tab.
When all user accounts in an organization have MFA enabled, the Use Multi-factor Authentication checkbox has to be selected. This forces ArchiveWeb to use multi-factor authentication for all users that log in to ArchiveWeb. In this case, on the ArchiveWeb site the user is prompted to enter only the login email address and is then redirected to the Microsoft login form to finish the login process.
When not all users in an organization have MFA enabled, the Use Multi-factor Authentication checkbox should stay unchecked. In this case, when a user with MFA set for his/her account tries to log in to ArchiveWeb, the user is first prompted to enter the credentials (user email and password) and is then redirected to the Microsoft site, where the user has to authenticate against MFA. After successful authentication the user is redirected back to ArchiveWeb.
Please note: If at least one user in an organization has MFA set, the Organization, Client ID and Client Secret should be set in ArchiveWeb tab / Multi-factor authentication tab.