Orchestration, LDAP and MFA authentication

Luiz Lucena
Mega Sage

Hello everyone, 

We have LDAP integration to our on-prem Active Directory and Orchestration that automates hundreds of activities, like application access provisioned through AD groups and Oracle accesses provisioned through MuleSoft integration. Each of these uses its own service account, non-managed accounts, meaning no one logs into those accounts.
For Orchestration, we have the account set up in the Logon As in the MID Server Windows Service, and many PowerShell activities use that account to perform their Orchestration tasks.

My question is: is it possible to enable MFA alongside those types of accounts?

I'm asking this because our security team may enforce MFA on all accounts, including those. I'm still waiting for more details from them, though.

1 ACCEPTED SOLUTION

MattSN
Mega Sage

MFA is controlled at the endpoint that you connect to. So for your PowerShell connections from the MID Server, it would only apply if those Windows Servers required MFA for remote PowerShell, which I don't believe is possible today.


4 REPLIES 4

VB14
Tera Contributor

I have a similar ask, but in the Service Catalog space. Let me know if you find any idea / suggestion on how to perform it. MFA Setup for AD Password Reset (Catalog) - ServiceNow Community

That should be doable with not much effort, we did that here. I'll reply in your post later today. I'm on my phone now.

MattSN
Mega Sage

MFA is controlled at the endpoint that you connect to. So for your PowerShell connections from the MID Server, it would only apply if those Windows Servers required MFA for remote PowerShell, which I don't believe is possible today.

Thanks, Matt.

So far, with my research, I end up with the same conclusion.

Thank you.