@r0ck,

Please see the documentation around adding a new connector and RSA securID to see how to enable 2 factor auth.

Hi

From what I can see, Horizon Workspace do NOT support 2 factor authentication. I have tried to configure 2 factor with RSA SecureID, but it seems to be an either or configuration. Either Active Directory OR RSA SecurID. This really isn't good enough...

Please correct me if I'm wrong and I have missed something...

You can only use one authentication mechanism per connector so to have two you need to deploy another connector.

For example here at VMware we have one for external connections (RSA SecurID) and one for internal connections (AD).

// Linjo

Having one connector for internal and another for external access is no problem, but that does not help the fact that Horizon Workspace does not support 2 factor authentication. Are there any plans to implement 2-factor?

Not sure what you mean by that, RSA SecurID is 2-factor authentication...

http://www.emc.com/security/rsa-securid.htm

// Linjo

OK, maybe I am using the wrong term then. What I mean is combining Active Directory and RSA. Just like you can on Horizon View. Meaning that you first authenticate against RSA, then your Active Directory.

Sorry about the confusion.

Aha, then I understand you.

No, that cannot be done when authenticating to Horizon Workspace, however if you are authenticating with RSA SecurID then you will need to supply your AD Username/Password if you are accessing a View Desktop from Workspace, that is because you will need that to authenticate to the Windows-session.

Our PM:s are monitoring this thread and hoping that they take your request about using both RSA SecurID and AD-login on the same connector in the same session.

// Linjo

Thanks for your response. I do hope your PM's are listening

@moug,

View asks for password because it needs to log you in to the windows desktop, which requires a password.

In the regular horizon use case, we don't need your password, so, we just ask for RSA securID.

This has never been tagged as a security issue on our end. Just asking for RSA Secur ID passcode was enough.

Can you please elaborate on why you need it? Is it more for security or other reasons?

Hi

It is for security reasons. We want 2 layers of authentication for all external access. A personal (complex) password (from AD) in addition to a PIN (from RSA) makes a more secure solution. Especially when you use On-Demand token codes. These codes are usually sent to the users mobile phone. If the phone is secured with a PIN, the user probably uses the same PIN on RSA and as a passcode to the workspace client...

Another thing I would like to see in Horizon Workspace, is a session timeout policy...