I know how to configure 2-factor authentication.
When I configure it, all View users need to use 2-factor authentication.
I want to use 2-factor authentication for some users.
For external users: 2-factor authentication (domain and RADIUS).
For internal users: domain authentication only.
How do I configure it?
vCenter, vSphere: 5.5
Please help me.
How many View connection/security servers do you have? And what is the size of the environment?
What you can do is the following:
1 Connection server for internal connections
1 Connection server for external connections configured with 2 factor authentication
1 Security server connected to the second connection server configured with 2 factor authentication
For redundancy you can extend the number of connection/security servers.
Please let me know if you have more questions.
Kevin has the right answer, as this is the setup we had recommended to us by VMware. We did take it a step further, as we have another set of users using smart cards for authentication, so we have:
2 connection servers for internal, load balanced
2 connection servers with access points for external connections. (We are on 7 now but previously used the security servers paired before)
2 connection servers set up for smart card auth with access points for external connections
You could have this config with a single connection server if you really wanted (and upgraded to a more recent release of View). Nowadays you could configure RADIUS on the Access Point only; that way, when the users connect from outside they get 2-factor auth, but when connecting directly to a connection server internally, they do not use 2-factor. Of course, you should really have at least two connection servers for redundancy.
The connection server linked to the UAG or Security Server MUST have RSA enabled so external connections can connect with 2-factor auth through the UAG.
If you enable RSA at the UAG level but it is disabled at the connection server, no RSA policy is applied to that UAG.
I have multiple customers with RSA SecurID 2FA working on UAG without having anything enabled on Connection Servers.
Maybe you have missed something in the UAG config. Did you set the auth-method on the Horizon Settings page? Just enabling RSA SecurID is not enough.