Setting up two-factor authentication for VMware Horizon Cloud DaaS (VDI)
General information
This article describes how to configure VMware Horizon Cloud (VDI) with Unified Access Gateway to connect to remote desktops and applications with two-factor authentication.
Possible authentication methods:
- MultiFactor Mobile Application
- SMS
- Hardware OTP tokens
- OTP applications: Google Authenticator or Yandex.Key
- Telegram
To configure the second factor of authentication, you will need to install and configure the MultiFactor Radius Adapter.
Tip: The second factor can be configured in dialogue mode with the user.
Scheme of work
- The user connects to the desktop, enters the username and password in Horizon Client;
- VMware Unified Access Gateway connects to the MultiFactor Radius Adapter component via the RADIUS protocol;
- The component checks the user's login and password in Active Directory and requests a second authentication factor;
- The user confirms the access request on the phone or enters a one-time code in the Horizon Client.
Configuring Unified Access Gateway
- Log in to the Unified Access Gateway administrative console.
- Select the "Configure Manually" option.
- In the "Authentication Settings" section, open the RADIUS parameters:
  - Enable RADIUS: YES
  - Authentication Type: PAP
  - Shared secret: Shared Secret from the component settings
  - Server Timeout In Seconds: 40
  - RADIUS Server Host name: address of the MultiFactor Radius Adapter component
  - Authentication Port: 1812
  - Save and close.
- In the "Edge Service Settings" section, open the "Horizon Settings" >> more options:
  - Auth Methods: RADIUS
  - Passcode label for RADIUS: Password
  - Match Windows User Name: YES
  - Enable Windows SSO: YES
  - Save and close.