10442677
Contributor
Contributor

2 factor authentication

Hello

I know 2 factor authentication configuration.

When I configurate it, all view user need to 2 factor authentication.

I want to user 2 factor authentication for some users.

Example:

For external users using 2 factor authentication (domain and radius).

For internal users only using domain authentication.

How to configre it?

vCenter, vSphere: 5.5

View: 5.3

Please help me.

Thanks.

Tags (1)
6 Replies
kevinpower
Enthusiast
Enthusiast

Hello,

How many view connection/security servers do you have? and what is the size of the environment?

What you can do is the following;

1 Connection server for internal connections

1 Connection server for external connections configured with 2 factor authentication

1 Security server connected to the second connection server configured with 2 factor authentication

For redundancy you can extend the number of connection/security servers.

Please let me now if you got more questions.

Greetz.

Kevin

JaceJ
Enthusiast
Enthusiast

Kevin has the right answer as this is the setup we had recommended to us by VMware.  We did take it a step further as we have another set of users using smart cards for authentication so we have

2 connection servers for Internal.  Load balanced

2 connection servers with access points for external connections.  (We are on 7 now but previously used the security servers paired before)

2 connection servers setup for smart card auth with access points for external connections

0 Kudos
kevinpower
Enthusiast
Enthusiast

Hello,

Are there more questions? or is this question answered

Please mark this question as answered

Greetz,

Kevin

0 Kudos
pchapman
Hot Shot
Hot Shot

You could have this config with a single connection server if you really wanted (and upgraded to a more recent release of View).  Now days you could configure RADIUS on the Access Point only ,that way when the users connect from outside they get 2-factor auth, but when connecting directly to a connection server internally, they do not use 2 factor.  Of course, you should really have at least two connection servers for redundancy.

0 Kudos
romanqm12
Contributor
Contributor

Hello

Connection server linked to UAG or Security Server MUST have RSA enabled so external connections can connect with 2 Factor Auth. through UAG.

If you enable RSA at UAG level but at connection server is disabled, no RSA policy is applied to that UAG.....

Really disgusting

0 Kudos
andiwe79
Enthusiast
Enthusiast

I have multiple customers with RSA SecurID 2FA working on UAG without having anything enabled on Connection Servers.

Maybe you have missed something in UAG Config. Did you set the auth-method on the Horizon Settings page? Just enabling the RSA SecurID is not enough.

0 Kudos