6 Replies Latest reply on Oct 8, 2019 10:34 AM by andiwe79

    2 factor authentication

    10442677 Lurker

      Hello

       

      I know 2 factor authentication configuration.

      When I configurate it, all view user need to 2 factor authentication.

       

      I want to user 2 factor authentication for some users.

       

      Example:

      For external users using 2 factor authentication (domain and radius).

      For internal users only using domain authentication.

      How to configre it?

       

      vCenter, vSphere: 5.5

      View: 5.3

       

      Please help me.

       

      Thanks.

        • 1. Re: 2 factor authentication
          kevinpower Enthusiast
          vExpert

          Hello,

           

          How many view connection/security servers do you have? and what is the size of the environment?

           

          What you can do is the following;

           

          1 Connection server for internal connections

          1 Connection server for external connections configured with 2 factor authentication

          1 Security server connected to the second connection server configured with 2 factor authentication

           

          For redundancy you can extend the number of connection/security servers.

           

          Please let me now if you got more questions.

           

          Greetz.

           

          Kevin

          • 2. Re: 2 factor authentication
            JaceJ Enthusiast

            Kevin has the right answer as this is the setup we had recommended to us by VMware.  We did take it a step further as we have another set of users using smart cards for authentication so we have

             

            2 connection servers for Internal.  Load balanced

            2 connection servers with access points for external connections.  (We are on 7 now but previously used the security servers paired before)

            2 connection servers setup for smart card auth with access points for external connections

            • 3. Re: 2 factor authentication
              kevinpower Enthusiast
              vExpert

              Hello,

               

               

              Are there more questions? or is this question answered

               

              Please mark this question as answered

               

              Greetz,

               

              Kevin

              • 4. Re: 2 factor authentication
                pchapman Hot Shot
                vExpert

                You could have this config with a single connection server if you really wanted (and upgraded to a more recent release of View).  Now days you could configure RADIUS on the Access Point only ,that way when the users connect from outside they get 2-factor auth, but when connecting directly to a connection server internally, they do not use 2 factor.  Of course, you should really have at least two connection servers for redundancy.

                • 5. Re: 2 factor authentication
                  romanqm12 Lurker

                  Hello

                   

                  Connection server linked to UAG or Security Server MUST have RSA enabled so external connections can connect with 2 Factor Auth. through UAG.

                   

                  If you enable RSA at UAG level but at connection server is disabled, no RSA policy is applied to that UAG.....

                   

                  Really disgusting

                  • 6. Re: 2 factor authentication
                    andiwe79 Enthusiast

                    I have multiple customers with RSA SecurID 2FA working on UAG without having anything enabled on Connection Servers.

                    Maybe you have missed something in UAG Config. Did you set the auth-method on the Horizon Settings page? Just enabling the RSA SecurID is not enough.