6 Replies Latest reply on Oct 8, 2019 10:34 AM by andiwe79

    2 factor authentication

    10442677 Lurker



      I know 2 factor authentication configuration.

      When I configurate it, all view user need to 2 factor authentication.


      I want to user 2 factor authentication for some users.



      For external users using 2 factor authentication (domain and radius).

      For internal users only using domain authentication.

      How to configre it?


      vCenter, vSphere: 5.5

      View: 5.3


      Please help me.



        • 1. Re: 2 factor authentication
          kevinpower Enthusiast



          How many view connection/security servers do you have? and what is the size of the environment?


          What you can do is the following;


          1 Connection server for internal connections

          1 Connection server for external connections configured with 2 factor authentication

          1 Security server connected to the second connection server configured with 2 factor authentication


          For redundancy you can extend the number of connection/security servers.


          Please let me now if you got more questions.





          • 2. Re: 2 factor authentication
            JaceJ Enthusiast

            Kevin has the right answer as this is the setup we had recommended to us by VMware.  We did take it a step further as we have another set of users using smart cards for authentication so we have


            2 connection servers for Internal.  Load balanced

            2 connection servers with access points for external connections.  (We are on 7 now but previously used the security servers paired before)

            2 connection servers setup for smart card auth with access points for external connections

            • 3. Re: 2 factor authentication
              kevinpower Enthusiast




              Are there more questions? or is this question answered


              Please mark this question as answered





              • 4. Re: 2 factor authentication
                pchapman Hot Shot

                You could have this config with a single connection server if you really wanted (and upgraded to a more recent release of View).  Now days you could configure RADIUS on the Access Point only ,that way when the users connect from outside they get 2-factor auth, but when connecting directly to a connection server internally, they do not use 2 factor.  Of course, you should really have at least two connection servers for redundancy.

                • 5. Re: 2 factor authentication
                  romanqm12 Lurker



                  Connection server linked to UAG or Security Server MUST have RSA enabled so external connections can connect with 2 Factor Auth. through UAG.


                  If you enable RSA at UAG level but at connection server is disabled, no RSA policy is applied to that UAG.....


                  Really disgusting

                  • 6. Re: 2 factor authentication
                    andiwe79 Enthusiast

                    I have multiple customers with RSA SecurID 2FA working on UAG without having anything enabled on Connection Servers.

                    Maybe you have missed something in UAG Config. Did you set the auth-method on the Horizon Settings page? Just enabling the RSA SecurID is not enough.