Hi,
I'm using UAG 3.2.1 for radius authenticated external connections into our Horizon 7.5.0 environment.
Does anyone know if its possible to be prompted for AD credentials first, followed by RADIUS passcode, rather than RADIUS username and passcode then AD creds?
Long story, but our users are used to being prompted this way for other systems access, so it's a big issue.
It looks like I have to setup a whole Identity Manager environment to facilitate this where you simply specify the order, ie password, Radius.
Thanks,
Matt
I had the same challenge with setting up RADIUS/MFA using the UAG/Horizon. I didn't find a way around it. I wish there was better support for radius / federation in UAG.
As you mention, IDM is the route I went. With IDM (Workspace), I have it configured to auth with an 3rd party IDP. Users are sent to Shibboleth to do the authentication (MFA/AD auth). Using this method, I had to setup TrueSSO for the single signin experience.
I had the same challenge with setting up RADIUS/MFA using the UAG/Horizon. I didn't find a way around it. I wish there was better support for radius / federation in UAG.
As you mention, IDM is the route I went. With IDM (Workspace), I have it configured to auth with an 3rd party IDP. Users are sent to Shibboleth to do the authentication (MFA/AD auth). Using this method, I had to setup TrueSSO for the single signin experience.
It depends on your RADIUS server and what it's configured or capable of doing. We use Duo, it first prompts for AD username/password and then the user receives a MFA push to their device/SMS/phone call.
Thanks for the response.
We use Symantec VIP for radius auth which provides a numeric token that doesn't match a users AD password, so still get challenged at the connection server end.
I'll head down the IDM route then. Was hoping not to increase the infrastructure to support remote access to desktops but I'm sure we'll end up leveraging other features of Workspace in the future.
Hi Ben, We also want to use DUO for MFA to UAG and I'm having the same issue:
When I connect using the VMWare Hortizon client it asks fist for the radius username and token (duo) instead of asking for the AD credentials, Can you share your DUO Radius config to validate what am I missing?
thanks in advance,
Andy