Configuring Two-Factor Authentication for VMware Horizon Cloud DaaS (VDI)

Overview

This article describes how to configure VMware Horizon Cloud (VDI) with Unified Access Gateway to connect to remote desktops and applications with two-factor authentication.

Possible authentication methods:

• Mobile MultiFactor application
• SMS
• Hardware OTP-tokens
• Software OTP-tokens and applications (eg. Google Authenticator)
• Telegram

To configure the second authentication factor, you will need to install and configure the MultiFactor Radius Adapter.

Workflow

1. User connects to desktop, enters username and password in Horizon Client;
2. VMware Unified Access Gateway connects to MultiFactor Radius Adapter via RADIUS;
3. The component checks the user's Active Directory login and password and requests a second authentication factor;
4. The user confirms the access request on the phone or enters a one-time code in the Horizon Client.

Unified Access Gateway configuration

1. Navigate to the Unified Access Gateway administrative console.
2. Select the Configure Manually option.
3. Under 'Authentication Settings' open the RADIUS settings:

• Enable RADIUS: YES
• Authentication Type: PAP
• Shared secret: Shared Secret from the component settings
• Server Timeout In Seconds: 40
• RADIUS Server Host name: Address of the MultiFactor Radius Adapter component
• Authentication Port: 1812
• Save and close

4. Under Edge Service Settings open the Horizon Settings >> more:

• Auth Methods: RADIUS
• Passcode label for RADIUS: Password
• Match Windows User Name: YES
• Enable Windows SSO: YES
• Save and close.

See also:

• Configuring two-factor authentication for VMware vCloud Director.
• Configuring VMware Horizon View two-factor authentication.