Windows MFA: ADFS, RDS, NPS & VPN Setup Guide
Windows integrations use either a native Mideye ADFS module or RADIUS (via NPS) to add multi-factor authentication to Microsoft infrastructure components.
Architecture
Mideye supports two approaches for Windows MFA, depending on the component:
- ADFS Module flow (left): A .NET module installed on the ADFS server calls Mideye Server during the ADFS login flow. Supports push, SMS OTP, offline challenge, tokens, and YubiKey.
- RADIUS/NPS flow (right): NPS or RRAS sends a RADIUS request to Mideye Server, which validates credentials and adds MFA. Same protocol as VPN/firewall integrations.
Choosing the right approach
| Scenario | Recommended approach | Guide |
|---|---|---|
| ADFS portal login with MFA | Mideye ADFS Module | ADFS Module |
| ADFS passwordless authentication | Mideye ADFS Module (Windows Server 2019+) | ADFS Module — Passwordless |
| Remote Desktop Services (RDS/RDG) via ADFS + WAP | ADFS Module + WAP publish | RDS with ADFS + WAP |
| Remote Desktop Services (RDS/RDG) via NPS | RADIUS via NPS | RDS with Touch |
| Windows VPN (RRAS) | RADIUS via NPS | Windows VPN |
| Windows Hello for Business | ADFS Module (hybrid) | Windows Hello |
| B2B federation with assisted login | ADFS Module + MSAS | Federated Trust |
| AWS Cognito via ADFS SAML | ADFS SAML federation | ADFS + AWS Cognito |
Compatibility
| Windows Server version | ADFS Module | RADIUS / NPS | RDS + WAP | Windows Hello |
|---|---|---|---|---|
| Windows Server 2022 | ✅ | ✅ | ✅ | ✅ |
| Windows Server 2019 | ✅ | ✅ | ✅ | ✅ |
| Windows Server 2016 | ✅ | ✅ | ✅ | ✅ |
| Windows Server 2012 R2 | End of support — not recommended | ✅ | ✅ | ❌ |
All guides
ADFS integration guides
| Guide | Description |
|---|---|
| ADFS Mideye Module | Install and configure the native Mideye MFA module for ADFS |
| ADFS Access Control Policies | Advanced PowerShell-based access control policy configuration |
| ADFS Federated Trust | Cross-forest B2B federation with assisted login |
| ADFS + AWS Cognito | Federate ADFS with AWS Cognito for CloudFront protection |
| ADFS + RDS/WAP | Remote Desktop Services with Web Application Proxy |
RADIUS-based guides
| Guide | Description |
|---|---|
| Windows VPN (RRAS) | Built-in Windows VPN using RRAS and NPS |
| RDS with Touch | Remote Desktop Gateway with Mideye Touch via NPS |
| Guide | Description |
|---|---|
| Windows Hello for Business | WHFB with Mideye MFA on ADFS (overview) |
Related links
Mideye documentation
- RADIUS Integrations — authentication flows and supported auth types for RADIUS-based setups
- RADIUS Clients — add Windows servers as RADIUS clients in Mideye Server
- RADIUS Shared Secrets — configure shared secrets
- Network Policy Servers (NPS) — configure NPS as a RADIUS proxy
- Authentication Types — all supported Mideye authentication methods
- ADFS Release Notes — Mideye ADFS Module changelog
- Downloads — latest Mideye ADFS Module installer
Official Microsoft documentation
- AD FS Overview — Microsoft ADFS documentation hub
- Remote Desktop Services — RDS deployment and configuration
- NPS Overview — Network Policy Server documentation
- Routing and Remote Access (RRAS) — Windows VPN server documentation
- Windows Hello for Business — WHFB deployment methods