Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Two-Factor Authentication (2FA/MFA) for CAS


CAS provides a secure application access and data protection solutions offered by CAS to access corporate data, applications and virtual desktops anytime, anywhere. It consolidates remote access solutions with a diverse Identity and Access Management capabilities to deliver a unified experience across all applications.

Enable miniOrange MFA for External RADIUS Servers


MFA 2FA two-factor authentication for CAS

  • Primary authentication initiates when the user enters the credentials in order to access the application.
  • An authentication request is sent to miniOrange by the application.
  • Based on the authentication request miniOrange sends the RADIUS Request to the external RADIUS Server (in this case CAS) to validate the intial request.
  • Once the user's first level of authentication gets validated, the RADIUS Server will then send RADIUS Response to miniOrange.
  • Then, miniOrange asks for the 2-factor authentication challenge to the user.
  • User submits the response/code based on the second factor method selected.
  • The user response (or second factor) is validated in miniOrange.
  • On successful 2nd factor authentication the user is granted access to the application.

What are different 2FA/MFA methods for CAS supported by miniOrange?

miniOrange provides 15+ 2FA/MFA authentication methods for CAS: OTP over SMS-Email, Push Notification, Software Token, Google / Microsoft Authenticator etc. You can opt for any of the 2FA methods to secure your CAS. To integrate 2FA, you can enable RADIUS authentication in CAS and configure policies in miniOrange to enable or disable 2FA for users.


Connect with any External Directories


miniOrange provides user authentication from various external directories such as miniOrange Directory, Microsoft AD, Azure Active Directory/LDAP, AWS Cognito and many more.

Can't find your Directory? Contact us on idpsupport@xecurify.com



Enable Two-Factor Authentication (2FA)/MFA for CAS as RADIUS Server to extend security level.

1. Add CAS as External RADIUS Server

  • Login to miniOrange Admin Console.
  • From the dashboard navigation select User Store >> Add User Store.
  • CAS Two-Factor Authentication 2FA User Store

  • Select User Store type as Radius.
  • Enter your Server Name.
  • Enter Server Host or Host IP Address.
  • Enter Server Port.
  • Enter Shared Secret.
  • CAS Two-Factor Authentication 2FA Configure as RADIUS Server

  • Click Save.

2. Configure Two-Factor Authentication 2FA for Admin Dashboard

  • From your miniOrange Dashboard in the left navigation bar, select 2- Factor Authentication, click on Configure 2FA.

  • Two factor-authentication for CAS | configure_2fa

  • Choose any 2FA method you want to configure.
  • Let's say you want to configure OTP over SMS
  • Click on OTP over SMS
  • Two factor-authentication for CAS  | otp_over_sms

    Two factor-authentication for CAS  | enter_phone_no

  • Now add your mobile number on which you want to receive the OTP.
  • Then click on Save.
  • Two factor-authentication for CAS  | save_phone_number

    Two factor-authentication for CAS  | otp_over_sms_active

  • Now as shown in the above image, OTP over SMS is your Active 2FA method.
  • Enable Prompt for second factor during signin to your console.
  • Then click on Save.
  • Two factor-authentication for CAS  | enable_2fa

  • To verify the configuration login again.
  • You will be asked for Username and password then it is redirected to below page:
  • Enter the OTP received on the phone and click on verify.
  • Two factor-authentication for CAS  |  2fa_otp_verification

  • If you are redirected to your dashboard, you have successfully configured OTP over SMS as your 2FA method.
  • Similarly you can configure rest of the 2FA methods for miniOrange dashboard. Click Here for the Guide

3. Configure Two-Factor Authentication 2FA for End-Users

  • Login into your End-User Dashboard using Active Directory Credentials.
  • Select Configure 2FA from left panel.
  • MFA/Two Factor Authentication(2FA) for CAS  Configure 2FA Panel

  • Browse through the Second factor options and choose an appropriate method to be used by the particular End-User during login.
  • In this guide, we have selected the method "OTP OVER SMS". You can explore the guide to setup other methods here.
  • MFA/Two Factor Authentication(2FA) for CAS Configure Second Factor(OTP over SMS)

  • Click on configure/reconfigure "OTP OVER SMS".
  • Enter you phone number along with the necessary country code and click on SAVE below. After the Phone details are saved successfully, click on the Save button on the top bar to set this as your 2FA method.
  • MFA/Two Factor Authentication(2FA) for CAS  Configure Second Factor-SMS(Enter Mobile Number)

  • To use a particular method of 2FA, we configure that method first and then select the method and click on SAVE.
  • Currently used method is denoted by green color.
  • MFA/Two Factor Authentication(2FA) for CAS Configuration done successfully

Our Other Identity & Access Management Products