Active Directory Service Account Setup
Here we'll be creating the "Managed Service Account" that holds the permissions the MFA system needs in order to connect to Active Directory.
Part 1 - Create User In AD
1. Open Active Directory Users and Computers.
2. Navigate to Domain > Managed Service Accounts.
3. Right-click "Managed Service Accounts" > New > User.
4. Name the user something referring to MFA/2FA (for easy recognition). Not all of the fields need to be filled out. In these examples, the name of the account is just "RISSA" (short for RapidIdentity Service Account).
5. Set the password to "never expire".
6. Confirm everything on the last screen, and click "Finish".

Add User to Server Operators
1. Double-click your new account (or right-click > Properties) to open the Properties window.
2. Click the Member Of tab.
2a. Click "Add". This opens a new window.
2b. Type "Server Operators" into the box and click "Check Names". It should resolve and underline Server Operators. Click "OK".
2c. Your account should now be listed as a member of Server Operators. Click "OK" to complete this step of the account creation.
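The same Part 1 steps (create the user in the Managed Service Accounts container, set the password to never expire, add it to Server Operators) can be scripted and verified with the ActiveDirectory RSAT module. The script below is an added example written for this page, not part of the original article or the RapidIdentity product; it assumes the RSAT module is installed, that you run it as a domain administrator, and that the account name is the article's "RISSA". Note that the article creates a plain user object placed in the Managed Service Accounts container (not a group Managed Service Account), and that Server Operators is a built-in group with local administrative rights on domain controllers, so the final verification reports that membership explicitly.

```powershell
# Added example (not from the original article): PowerShell equivalent of Part 1.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

$AccountName = 'RISSA'                 # account name used in the article
$Domain      = Get-ADDomain
# The article places the user in the built-in "Managed Service Accounts" container.
$Container   = "CN=Managed Service Accounts,$($Domain.DistinguishedName)"
$GroupName   = 'Server Operators'      # built-in privileged group the article adds the account to

# Prompt for the password so it is never stored in the script or in shell history.
$Password = Read-Host -Prompt "Password for $AccountName" -AsSecureString

# Steps 3-6: create the user with "password never expires", as the GUI wizard does.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$AccountName'")) {
    New-ADUser -Name $AccountName `
               -SamAccountName $AccountName `
               -UserPrincipalName "$AccountName@$($Domain.DNSRoot)" `
               -Description 'RapidIdentity MFA service account' `
               -Path $Container `
               -AccountPassword $Password `
               -PasswordNeverExpires $true `
               -Enabled $true
}

# "Add User to Server Operators", steps 2a-2c.
Add-ADGroupMember -Identity $GroupName -Members $AccountName

# Verification, equivalent to "Check Names" and the Member Of tab in the GUI.
$user     = Get-ADUser -Identity $AccountName -Properties PasswordNeverExpires
$isMember = [bool](Get-ADGroupMember -Identity $GroupName -Recursive |
                   Where-Object SamAccountName -eq $AccountName)

[pscustomobject]@{
    Account               = $user.SamAccountName
    DistinguishedName     = $user.DistinguishedName
    Enabled               = $user.Enabled
    PasswordNeverExpires  = $user.PasswordNeverExpires
    ServerOperatorsMember = $isMember
}
```

Run it once from an elevated PowerShell session on a domain-joined machine; the object it emits at the end is what you should check before moving on to Part 2, where the account name and password are entered into the MFA Admin Portal.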
Part 2 - Add User to the Admin Portal
1. Log into your MFA Admin Portal.
2. Go to the Methods tab.
3. On the left-hand side, click Active Directory.
4. In the middle pane, you'll see an option to edit the Service Account. Click "Edit".
4a. The AD Forest Name box should populate automatically. Enter the name and password of the service account you created in Part 1 (Active Directory Service Account Setup), and click "Save" when done.
4b. It should look like this when it saves.