https://communities.vmware.com/wbsdv95928/tracker djwilliams979 Tracker Fri, 24 Nov 2023 03:08:21 GMT 2023-11-24T03:08:21Z https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465279#M75456 <HTML><HEAD></HEAD><BODY><P>That is an outstanding reply.&nbsp; I just went through some options with a coworker and had nearly settled on an option but you have me interested in validating the MFA capabilities.&nbsp; If two factor isn't required, it should be able to authenticate a user without prompting for a token.&nbsp; The question for them I would think is do those users still have to be licensed or is the license tied to a token?</P><P></P><P>Awesome!&nbsp; Thank you!</P></BODY></HTML> Thu, 13 Jun 2019 16:30:14 GMT https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465279#M75456 djwilliams979 2019-06-13T16:30:14Z https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465277#M75454 <HTML><HEAD></HEAD><BODY><P>Well our plan was to force all traffic, internal and external through the UAG so that all users sessions were treated the same but you bring up an interesting situation I hadn't considered.&nbsp; How well do we isolate the internal connection servers?&nbsp; If only certain users should be able to access the connection servers for internal resolution than we could hand that at the firewall where we segment that traffic.&nbsp; </P><P></P><P>Or possibly perform 2 factor on the F5 VIP instead.&nbsp; We would have to maintain different VIPs but it gives me some options to run through on the whiteboard.&nbsp; Thank you!</P></BODY></HTML> Thu, 13 Jun 2019 15:27:14 GMT https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465277#M75454 djwilliams979 2019-06-13T15:27:14Z https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465275#M75452 <HTML><HEAD></HEAD><BODY><P>Good Morning vmware magicians,</P><P></P><P>I have what is probably a newb question and I think I know the answer, in which case, this becomes a solicitation for ideas.&nbsp; So here it is!</P><P></P><P>Can we enable 2 factor authentication at the pool level instead of at the UAG?&nbsp; The use case for this is to only enforce 2 factor where it is necessary because, you guessed it, licensing costs money and we have a bunch of people who don't need it at the pool level because it is implemented on all of the applications themselves that they access.</P><P></P><P>My understanding is that 2fa on VDI is kind of an all or nothing thing that you apply to the UAG and or connection servers.&nbsp; In that case, does anyone have any experience implementing 2fa in this way using the desktop image itself perhaps?&nbsp; Or using some special voodoo that I'm not aware of?</P><P></P><P>Thank you very much for any thoughts or ideas!&nbsp; </P><P></P><P>Dave</P></BODY></HTML> Thu, 13 Jun 2019 13:02:34 GMT https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Is-2-Factor-at-the-Pool-Level-Possible-in-VDI/m-p/465275#M75452 djwilliams979 2019-06-13T13:02:34Z