Setting up VMware Horizon View (VDI) two-factor authentication

General information

This article describes how to configure VMware Horizon View (VDI) for remote desktop connection with two-factor authentication.

Possible authentication methods:

• MultiFactor Mobile Application
• SMS
• Hardware OTP tokens
• OTP applications: Google Authenticator or Yandex.Key
• Telegram

To configure the second factor of authentication, you will need to install and configure the MultiFactor Radius Adapter.

might be useful

The second factor can be configured in dialogue mode with the user.

Video presentation

Scheme of work

1. The user connects to the desktop, enters the login and password in Horizon View;
2. VMware Horizon connects to the MultiFactor Radius Adapter component via the RADIUS protocol;
3. The component checks the user's login and password in Active Directory or Network Policy Server and requests a second authentication factor;
4. The user confirms the access request on the phone or enters a one-time code in Horizon View.

Setting up VMware Horizon

1. Log into the VMware Horizon administrative console.
2. Open View Configuration -> Servers -> Connection Servers, select a server and click Edit.
3. On the "Authentication" tab, in the "Advanced Authentication" section, select "RADIUS" in the 2-fa authentication list.
4. Enable "Enforce 2-factor and Windows user name matching" and "Use the same user name and password for RADIUS and Windows authentication".
5. Select "Create New Authenticator" from the Authenticator list:
   • Label: MultiFactor
   • Description: custom description
   • Hostname/Address: address of the MultiFactor Radius Adapter component
   • Authentication port: 1812
   • Accounting port: 0
   • Authentication type: PAP
   • Shared secret: Shared Secret from the component settings
   • Server Timeout: 40
6. Save and close.

See also:

• Configuring VMware vCloud Director two-factor authentication.
• Configuring VMware Horizon Cloud two-factor authentication.