Dear all,
I have successfully implemented an integration between UAG and Azure MFA. However, I would now like to delete the double authentication that I am required to access the VMs
VDI (Azure MFA and Horizon). is that possible? I only found documentation that tells me about TRUE SSO.
Thank you
Fabio
For Azure MFA, UAG, Horizon and TRUE SSO integration I solved this procedure:
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-1/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-2/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-3/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-4/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-5/
Are you using SAML or RADIUS?
If SAML, you will need to implement True SSO. The UAG has no chance to capture credentials for the Windows login with SAML.
If RADIUS, use the Enable Windows SSO option to pass the same username/password used in the initial prompt to the CS.
-Nick
Thank you Nick, I will use UAG and SAML, now I am studing to active true SSO
Bye Fabio
Fabio,
It is indeed possible to avoid double authentication without using True SSO. You need to select SAML and Passthrough as authentication method.
Lars
Hello Lars,
I currently have my two UAGs on which I have configured the integration with Azure AD and MFA as indicated by this Microsoft guide
and the integration with MFA works perfectly, but once authenticated with Azure AD / MFA I have to enter the domain credentials to authenticate on the Horizon infrastructure.
If I configure SAML and Passthrough I guess I have to configure the connection servers to communicate with Azure AD or what else?
Thank You
Fabio
Hello lars,
is there any documentation for the configuration? i tried but it doesn't work.
Thank You
Fabio
Fabio,
I don't think I found the exact documentation when this was setup, but it is working fine here:
This means, if the user is already logged into Office365 they will also not be challenged to logon to the UAG as they're already logged in.
Lars
In summary, I configure the integration between Azure AD (Enterprise application) and UAG, then I proceed with the implementation of trueSSO (vIDM-workspaceOne, CA, etc. ..). It is not clear to me, however, if when the user connects he will land on the Workspace One portal or on the classic horizon portal?
it could work!!
For Azure MFA, UAG, Horizon and TRUE SSO integration I solved this procedure:
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-1/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-2/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-3/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-4/
https://blog.pollaio.site/2021/02/28/azure-mfa-uag-horizon-and-true-sso-step-5/