Wednesday, 24 December 2014

VMware View 2 Factor Authentication Radius

VMware added support for RADIUS, allowing you to integrate with third-party multi-factor authentication products. SecureAuth IdP takes advantage of this RADIUS support by enabling Administrator-free distribution of 2-Factor Authentication to VMware View using one of our OATH mobile OTP applications:
  • iOS
  • Android
  • Windows Phone
  • BlackBerry
  • Windows Desktop
  • Macintosh Desktop
  • Browser OTP Application
  • OATH-Compliant Hardware Tokens

RADIUS has been around since the early 1990s, and many organizations offer two-factor authentication with RADIUS. SecureAuth’s low-friction user enrollment and self-provisioning/de-provisioning of OTP devices offer a unique and valuable mechanism for deploying this multi-factor authentication while removing the burden from the administrators managing the solution.

Unlike typical hardware tokens, which require the administrator to follow a tedious process to associate each token serial number with a user account (usually by importing token serial numbers and manually matching them to accounts), SecureAuth provides a simple user self-registration process. Users may download the mobile OTP application from the SecureAuth mobile app store (or the appropriate vendor mobile application store) and self-register their mobile OTP application using any combination of our 20 authentication methods.

Once configured, users log in to VMware View using a simple 2-factor process:
1) Enter their username and password
2) Retrieve OTP from mobile application
3) Enter OTP from Mobile OTP app/token

The administrative configuration is also easy and straightforward.
1) On the VMware View Connection Server, select the Authentication page, and create a new RADIUS Authenticator
2) Configure the authenticator to your SecureAuth IdP RADIUS server by configuring the address, ports, protocol, and shared secret. If desired, configure a secondary authentication server for fault tolerance

3) In the SecureAuth Radius server configuration “radius.config” file, specify the following components:
    • URL Path to the SecureAuth Mobile OTP Registration and Validation Realm
    • Shared Secret Configured on the VMware View Connection
    • RADIUS Authentication and Accounting Ports
    • Authorized RADIUS Clients and Allowed Methods — for VMware View, configure “PASSWORD_AND_OTP” to force a multi-factor authentication 


4) Configure the SecureAuth mobile OTP Registration Realm (998 by default) for the desired single or multi-factor methods to validate users when they register their Mobile OTP Token applications:
1.  SMS OTP
2.  Telephony OTP
3.  Email OTP
4.  Static PIN
5.  KBA/KBQ (Knowledge Based Questions and answers)
6.  Yubikey (USB)
7.  X.509 Native
8.  X.509 Java
9.  NFC Prox Card
10. CAC/PIV Card
11. Mobile OATH Token (TOTP)
12. Browser OATH Token (TOTP)
13. Windows Desktop OATH Token (TOTP)
14. Third-Party OATH token (TOTP)
15. PUSH Notification
16. Help Desk
17. Social IDs (Google, Facebook, Twitter, LinkedIn)
18. Federated IDs (SAML, WS-Fed, OpenID)
19. Device Fingerprinting
20. Password