3 Replies Latest reply on Jan 11, 2019 8:33 AM by mmonkman

    UAG 3.2.1 - Radius Prompts for token first

    mmonkman Novice

      Hi,

       

      I'm using UAG 3.2.1 for radius authenticated external connections into our Horizon 7.5.0 environment.

       

      Does anyone know if its possible to be prompted for AD credentials first, followed by RADIUS passcode, rather than RADIUS username and passcode then AD creds?

       

      Long story, but our users are used to being prompted this way for other systems access, so it's a big issue.

       

      It looks like I have to setup a whole Identity Manager environment to facilitate this where you simply specify the order, ie password, Radius.


      Thanks,

       

      Matt

        • 1. Re: UAG 3.2.1 - Radius Prompts for token first
          techguy129 Expert
          vExpert

          I had the same challenge with setting up RADIUS/MFA using the UAG/Horizon. I didn't find a way around it. I wish there was better support for radius / federation in UAG.

           

          As you mention, IDM is the route I went. With IDM (Workspace), I have it configured to auth with an 3rd party IDP. Users are sent to Shibboleth to do the authentication (MFA/AD auth). Using this method, I had to setup TrueSSO for the single signin experience.

          • 2. Re: UAG 3.2.1 - Radius Prompts for token first
            BenFB Expert

            It depends on your RADIUS server and what it's configured or capable of doing. We use Duo, it first prompts for AD username/password and then the user receives a MFA push to their device/SMS/phone call.

            • 3. Re: UAG 3.2.1 - Radius Prompts for token first
              mmonkman Novice

              Thanks for the response. 

               

              We use Symantec VIP for radius auth which provides a numeric token that doesn't match a users AD password, so still get challenged at the connection server end.


              I'll head down the IDM route then.  Was hoping not to increase the infrastructure to support remote access to desktops but I'm sure we'll end up leveraging other features of Workspace in the future.