Wikis - Page

Configuring Advanced Authentication Integration with VMware Horizon View

0 Likes

This document provides information on how to configure Advanced Authentication with VMware View.

To configure the Advanced Authentication integration with VMware View you’ll have to perform the following configuration tasks:

    • Configure the Advanced Authentication Chains

 

    • Configure the Advanced Authentication RADIUS Server

 

    • Configure the VMWare Horizon View Connection Server

 

    • Assign Emergency Password for a specific user



 

Configure the Advanced Authentication Methods and Chains



    1. Open the Advanced Authentication Administration portal

 

    1. Click Methods and configure your authentication methods (I configured the Smartphone method)

 

    1. Configure the Emergency Password method, this allows you to specify an emergency password for a user in case he forgot or lost his Smartphone, Key etc.

 

    1. Click Chains and create a new chain with you previously configured methods, make sure that the Emergency Password method is the first on the list.



 

Configure the Advanced Authentication RADIUS Server



    1. Open the Advanced Authentication Administration portal

 

    1. Click Events > Radius Server

 

    1. Set Is enabled to ON

 

    1. Move one or more chains from Available to Used list. Ensure that the chains are assigned to the appropriate group of users in Roles & Groups of the Chains section

 

    1. Click Client > Add

 

    1. Specify an IP address or FQDN of the VMWare Horizon View Connection Server

 

    1. Specify a secret and confirm it

 

    1. Set Enabled to ON

 

    1. Click Save in Client

 

    1. Click Save in Events




Configure the VMWare  Horizon View Connection Server



    1. Sign-in to the VMware Horizon View Administrator portal

 

    1. Click View Configuration

 

    1. Click Servers

 

    1. Click Connection Servers

 

    1. Select the Connection Server you like to configure for Advanced Authentication

 

    1. Click Edit

 

    1. Click Authentication

 

    1. Under Advanced Authentication select RADIUS as 2-factor authentication method

 

    1. Enable Enforce 2-factor and Windows user name matching

 

    1. Enable Use the same user name and password for RADIUS and Windows authentication

 

    1. Click Manage Authenticators…

 

    1. Click Add….

 

    1. Set a Labelg. login.company

 

    1. Set a Descriptiong. AAF Radius Server

 

    1. Set Hostname / Addressg. 192.168.100.99 or FQDN of your AAF server

 

    1. Leave Authentication port default (1812)

 

    1. Set Accounting port to 0 (this is important as AAF RADIUS seems not to support Radius accounting)

 

    1. Leave Authentication type default (PAP)

 

    1. Set Shared secret to the same value you defined in the AAF RADIUS settings

 

    1. Change the Server timeout g. 20 seconds

 

    1. Finalize the authenticator settings

 

    1. Select your new Authenticator



 
Assign Emergency Password for a specific user

The Emergency Password method allows the Helpdesk to assign an Emergency Password for a specific user in case he’s not able to use the defined method / chain.

Because the Emergency Password method is the first method in the chain the helpdesk can set a password for a specific user allowing to login with that password as 2nd factor.


    1. Open the Advanced Authentication Helpdesk portal (https://myaafserver.com/helpdesk)

 

    1. Select the user

 

    1. Create and assign a password and define max. logins and validity time range

 

    1. Communicate the user the password




Test and enjoy 2-Factor authentication 

Labels:

How To-Best Practice
Comment List
Related
Recommended