VMware Cloud Community
AllanKjaer
Enthusiast

MFA in onprem vRealize Automation 8.x

Is it possible to enable multifactor authentication in vRealize Automation 8.x? It was possible in version 7, but I don't see it in version 8.

If not, does anybody know if it's on the roadmap? This is a feature that multiple of my customers would like to see, with something like Azure MFA.

6 Replies
xian_
Expert

As vRA8 uses idM / Workspace ONE, they support MFA. I have not used it, but according to a quick search it looks supported.

HTH

kev01228
Enthusiast

For what it's worth, we do our MFA using Okta. It works as advertised.

https://help.okta.com/en/prod/Content/Topics/device-trust/SAML/Mobile/configure-okta-idp-vidm.htm

AllanKjaer
Enthusiast

Thanks, that did help, I got it to work with Azure AD, I might do a blog about the configuration next week.

AllanKjaer
Enthusiast

Just did a blog about how to configure this.

https://www.virtual-allan.com/vra-8-x-and-azure-ad-mfa/

evil242
Enthusiast

Hi, I just read through your blog and am about to test in my own initial environment.  I have a green field I've blown away and redeployed a few times. 

I'm a little hesitant to disable users at local domain.  But I think there may be a way to isolate and allow based on the IP range.  So I am going to test that and will report back my findings. 

But I'd love to hear from anyone else who has any additional input on using this method or others for MFA. 

Thanks again for the blog.

 

Damion Terrell (He/Him)
Core IT Service Specialist
UNM – IT Platforms – VIS
“You learn the job of the person above you, and you teach your job to the person below you..”
evil242
Enthusiast

So I created a separate policy, and that didn't seem to work. 

But following the directions in the blog, and then adding to the default policy a special management network that uses the original Password / fallback Password (Local Directory), it works.

From the special management network, it uses the normal auth method and you can log in as the admin account you created at install; or you can change domain to use local AD.

From anywhere else, when you click login, it goes out to Azure AD requiring MFA.

vRA8-vIDM-AzureAuth.png

0 Kudos
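
The rule layout described in the post above (password login only from a management network, Azure AD MFA from everywhere else) can be sanity-checked offline. This is an added example, not code from the thread, the linked blog or VMware; the rule names, CIDR ranges, method labels and size threshold are constructed, and it assumes rules are evaluated top-down with the first matching network range winning.

```python
import ipaddress

# Constructed model of an ordered access policy. Names, ranges and method
# labels are assumptions for illustration, not vIDM's API or export format.
POLICY = [
    {"name": "mgmt-network", "cidrs": ["10.20.30.0/24"],
     "methods": ["Password", "Password (Local Directory)"]},
    {"name": "all-ranges", "cidrs": ["0.0.0.0/0"],
     "methods": ["AzureAD-MFA"]},
]
PASSWORD_ONLY = {"Password", "Password (Local Directory)"}
MAX_PASSWORD_HOSTS = 1024  # assumed ceiling for a break-glass range


def match_rule(policy, client_ip):
    """Return the first rule whose network range contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    for rule in policy:
        if any(ip in ipaddress.ip_network(c) for c in rule["cidrs"]):
            return rule
    return None  # no rule matched: treat as deny


def audit(policy):
    """Flag rules that weaken the MFA requirement or can never match."""
    findings = []
    seen = []  # networks already claimed by earlier rules
    for rule in policy:
        nets = [ipaddress.ip_network(c) for c in rule["cidrs"]]
        pw_only = set(rule["methods"]) <= PASSWORD_ONLY
        for net in nets:
            if pw_only and net.num_addresses > MAX_PASSWORD_HOSTS:
                findings.append(
                    f"{rule['name']}: password-only for broad range {net}")
            if any(net.subnet_of(s) for s in seen if s.version == net.version):
                findings.append(
                    f"{rule['name']}: {net} shadowed by an earlier rule")
        seen.extend(nets)
    return findings
```

If the catch-all rule is listed first, `audit` reports the management rule as shadowed, which means the local admin fallback would no longer be reachable without Azure AD.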