This article describes how to configure VMware Horizon Cloud (VDI) with Unified Access Gateway to connect to remote desktops and applications with two-factor authentication.
Possible authentication methods:
Mobile MultiFactor application
Software OTP-tokens and applications (eg. Google Authenticator)
To configure the second authentication factor, you will need to install and configure the MultiFactor Radius Adapter.
- User connects to desktop, enters username and password in Horizon Client;
- VMware Unified Access Gateway connects to MultiFactor Radius Adapter via RADIUS;
- The component checks the user's Active Directory login and password and requests a second authentication factor;
- The user confirms the access request on the phone or enters a one-time code in the Horizon Client.
Unified Access Gateway configuration
- Navigate to the Unified Access Gateway administrative console.
- Select the Configure Manually option.
- Under 'Authentication Settings' open the RADIUS settings:
- Enable RADIUS: YES
- Authentication Type: PAP
- Shared secret: Shared Secret from the component settings
- Server Timeout In Seconds: 40
- RADIUS Server Host name: Address of the MultiFactor Radius Adapter component
- Authentication Port: 1812
- Save and close
- Under Edge Service Settings open the Horizon Settings >> more:
- Auth Methods: RADIUS
- Passcode label for RADIUS: Password
- Match Windows User Name: YES
- Enable Windows SSO: YES
- Save and close.