UAG 2FA using RADIUS

IainM1 · ‎10-21-2019

I'm investigating the config of 2FA on our internet facing UAG appliances and I'm thinking using a RADIUS server running on Windows Server 2012 NPS. Has anyone tried this and had success?

Any suggestions for alternatives are also welcome but, there will be thousands of users potentially using this so using physical tokens is not an option.

Thanks for any help.

MaxStr · ‎10-22-2019

I was able to get this working by using the Azure MFA Server and the Microsoft Authentication app. I ended up dropping it pretty quickly, though. The UAG didn't pass on the user's IP to the RADIUS server, so I couldn't create IP exclusions for my internal network. Also I learned that the Azure MFA Server is discontinued and there's no cloud MFA equivalent, so that's a non-starter.

This blog should get you started on the RADIUS part: https://www.vgarethlewis.com/2019/05/23/integrating-vmware-horizon-with-azure-multi-factor-authentic...

IainM1 · ‎10-23-2019

Azure MFA would have been an option, but if it's discontinued then I'll avoid that. Thanks for the URL, I'll have a read through it.

All

UAG 2FA using RADIUS