1 person found this helpful
From what I've seen once a authentication method is configured it can't be unconfigured. However, you can have multiple authentication methods configured with AND or OR operators. It just comes down to what is enabled under the edge settings which can be multiples (You could have securid-auth & radius-auth or securid-auth OR radius-atuh). One of the examples given on the UAG is having securid-auth OR radius-auth configured where one or the other will be enforced.
Edit: I did some additional digging and starting with UAG 3.4 there is a note that is not present with prior versions. markbenson is this a known issue in 3.4, change in 3.4 or did this not actually work in the past?
Only one of the two factor user authentication methods can be specified for an Edge Service. This can be Certificate/Smart Card authentication, RADIUS authentication, or RSA Adaptive Authentication.
Chris_Nodak - If you've added the RADIUS config (under "Authentication Settings") on UAG you should be able to select that in the Horizon Settings (under "Edge Service Settings") in "Auth Methods". Set it to radius-auth & sp-auth instead of (securid-auth & sp-auth). It is the Horizon Edge Service Settings that determines what authentication will actually be used for Horizon clients.
BenFB Thanks for the reply. I did find that in the Edge settings. And that note you found is what I was referring to about running both options. After some initial testing, I couldn't get it to work, but I expect that's a configuration issue on our end with the identity router, I'll follow up with RSA on that piece.
This seems mad that you cant change authentication settings either, I can't even clear node secret and press save without ' choose authentication method errors''
Has anyone else got round this?
( RSA SecurID)