![]() When users signed in remotely, the security server would proxy all authentication traffic back to the connection server that it was paired with. When the Security Server was the only option, two-factor authentication was enabled on the Connection Servers. There are some key differences between how these two technologies work. Understanding Unified Access Gateway Authentication Pathīefore I configure the Unified Access Gateway for two-factor authentication with Duo, let’s walk through how the appliance handles authentication for Horizon environments and how it compares to the Security Server. It will validate these against Active Directory before prompting the user for their second authentication factor. When using Active Directory as the authentication source, Duo will utilize the same username and password as the user’s AD account. In addition to providing their own authentication source, they can also integrate into existing Active Directory environments or RADIUS servers. Duo utilizes an on-premises Authentication Proxy to integrate with customer systems. Duo also supports VMware Horizon, although they do not currently have any documentation on integrating with the Access Point/Unified Access Gateway.ĭuo Security for Multi-factor Authenticationĭuo Security is a cloud-based MFA provider. ![]() I’ve been using Duo Security for a while because they support RADIUS, have a mobile app, and have a free tier. The Unified Access Gateway supports the following two-factor authentication technologies:īecause I’m doing this in a lab environment, I decided to use a RADIUS-based technology for this post. The Unified Access Gateway supports multiple options for two-factor authentication, and many real-world deployments will use some form of two-factor when granting users access to their desktops and applications remotely. ![]() That post walked through the basic deployment steps. In my last post, I went through the steps for deploying a Horizon Access Point/Unified Access Gateway using the PowerShell deployment script. This should make the post easier to follow. Note: After publishing, I decided to rework this blog post a bit to separate the AD-integrated Duo configuration from the Duo-only configuration. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |