Error Loading Groups in Azure MFA Server

If you have implemented an on-premises Azure MFA Server and have an Active Directory with many objects, you might have run into this issue (Error loading security groups) when trying to load groups under Directory Integration – Synchronization in the Azure MFA Server console.

The error appears when you choose Add on the Synchronization tab in the Multi-Factor Server console while setting up filtering for certain groups, so that the MFA Server can automatically import users based on group membership.

For some reason, reading the security groups fails with this error. If, as in my scenario, you only want to load specific groups, you can use the Filters tab to narrow the search results to those groups.

A solution to the above is to change the Filtering settings.

Change the security group filter from the default:

(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=-2147483648))

to

(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=-2147483648)(name=MFA*))

This narrows the search so that only the security groups whose names start with “MFA” are loaded.

Now you can go into Synchronization – Add and add the security groups you want to filter on for enabling users for Multi-Factor Authentication (MFA).
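To see what the two filters above select, here is an added example (not from the original post or from the MFA Server product) that rebuilds both filter strings and evaluates their group conditions offline. The group entries are constructed sample data, and the helper names are hypothetical.

```python
# Added example; the group entries below are constructed sample data.
SECURITY_ENABLED = 0x80000000           # ADS_GROUP_TYPE_SECURITY_ENABLED
BIT_OR_RULE = "1.2.840.113556.1.4.804"  # LDAP_MATCHING_RULE_BIT_OR


def to_signed32(value):
    """AD stores groupType as a signed 32-bit integer, so 0x80000000 is negative."""
    return value - (1 << 32) if value & 0x80000000 else value


def escape_filter_value(text):
    """Escape RFC 4515 special characters so a prefix cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in text)


def build_group_filter(prefix=None):
    """Return the security-group filter, optionally narrowed to a name prefix."""
    parts = ["(objectCategory=group)",
             "(groupType:%s:=%d)" % (BIT_OR_RULE, to_signed32(SECURITY_ENABLED))]
    if prefix:
        parts.append("(name=%s*)" % escape_filter_value(prefix))
    return "(&" + "".join(parts) + ")"


def matches(entry, prefix=None):
    """Evaluate the filter's group conditions against one entry, offline."""
    is_security = ((entry["groupType"] & 0xFFFFFFFF) & SECURITY_ENABLED) != 0
    # The name attribute is compared case-insensitively in Active Directory.
    name_ok = prefix is None or entry["name"].lower().startswith(prefix.lower())
    return is_security and name_ok


SAMPLE_GROUPS = [  # constructed entries, not from a real directory
    {"name": "MFA-Users", "groupType": -2147483646},      # global security
    {"name": "MFA-Notify", "groupType": 2},               # global distribution
    {"name": "Domain Admins", "groupType": -2147483646},  # global security
    {"name": "mfa-admins", "groupType": -2147483644},     # domain local security
]


def selected(prefix=None):
    """Names of the sample groups the filter would return."""
    return [g["name"] for g in SAMPLE_GROUPS if matches(g, prefix)]


if __name__ == "__main__":
    print(build_group_filter("MFA"))
    print(selected("MFA"))
```

The distribution group is excluded even though its name starts with MFA, because the bitwise rule only matches entries with the security-enabled bit set.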

+PeterSchmidt