VMware added support for RADIUS, allowing you to integrate with third-party multi-factor authentication products. SecureAuth IdP takes advantage of this RADIUS support by enabling Administrator-free distribution of 2-Factor Authentication to VMware View using one of our OATH mobile OTP applications:
- iOS
- Android
- Windows Phone
- BlackBerry
- Windows Desktop
- Macintosh Desktop
- Browser OTP Application
- OATH-Compliant Hardware Tokens
RADIUS has been around since the early 1990s, and many organizations offer two-factor authentication with RADIUS. SecureAuth’s low-friction user enrollment and self-provisioning/de-provisioning of OTP devices offer a unique and valuable mechanism for deploying this multi-factor authentication while removing the burden from the administrators managing the solution.
Typical hardware tokens require the administrator to follow a tedious process to associate each token serial number with a user account, usually by importing token serial numbers and manually matching them to accounts. SecureAuth instead provides a simple user self-registration process. Users may download the mobile OTP application from the SecureAuth mobile app store (or the appropriate vendor mobile application store) and self-register their mobile OTP application using any combination of our 20 authentication methods.
Once configured, users log in to VMware View using a simple 2-factor process:
1. Enter their username and password
2. Retrieve OTP from mobile application
3. Enter OTP from Mobile OTP app/token
The administration configuration is also easy and straightforward.
1) On the VMware View Connection Server, select the Authentication page, and create a new RADIUS Authenticator
2) Configure the authenticator to your SecureAuth IdP RADIUS server by configuring the address, ports, protocol, and shared secret. If desired, configure a secondary authentication server for fault tolerance
3) In the SecureAuth Radius server configuration “radius.config” file, specify the following components:
- URL Path to the SecureAuth Mobile OTP Registration and Validation Realm
- Shared Secret Configured on the VMware View Connection
- RADIUS Authentication and Accounting Ports
- Authorized RADIUS Clients and Allowed Methods — for VMware View, configure “PASSWORD_AND_OTP” to force a multi-factor authentication
4) Configure the SecureAuth mobile OTP Registration Realm (998 by default) for the desired single or multi-factor methods to validate users when they register their Mobile OTP Token applications:
1. SMS OTP
2. Telephony OTP
3. Email OTP
4. Static PIN
5. KBA/KBQ (Knowledge Based Questions and answers)
6. Yubikey (USB)
7. X.509 Native
8. X.509 Java
9. NFC Prox Card
10. CAC/PIV Card
11. Mobile OATH Token (TOTP)
12. Browser OATH Token (TOTP)
13. Windows Desktop OATH Token (TOTP)
14. Third-Party OATH token (TOTP)
15. PUSH Notification
16. Help Desk
17. Social IDs (Google, Facebook, Twitter, LinkedIn)
18. Federated IDs (SAML, WS-Fed, OpenID)
19. Device Fingerprinting
20. Password