This document provides information on how to configure Advanced Authentication with VMware View.

To configure the Advanced Authentication integration with VMware View you’ll have to perform the following configuration tasks:

  • Configure the Advanced Authentication Chains
  • Configure the Advanced Authentication RADIUS Server
  • Configure the VMWare Horizon View Connection Server
  • Assign Emergency Password for a specific user

 

Configure the Advanced Authentication Methods and Chains

  1. Open the Advanced Authentication Administration portal
  2. Click Methods and configure your authentication methods (I configured the Smartphone method)
  3. Configure the Emergency Password method, this allows you to specify an emergency password for a user in case he forgot or lost his Smartphone, Key etc.
  4. Click Chains and create a new chain with you previously configured methods, make sure that the Emergency Password method is the first on the list.

 

Configure the Advanced Authentication RADIUS Server

  1. Open the Advanced Authentication Administration portal
  2. Click Events > Radius Server
  3. Set Is enabled to ON
  4. Move one or more chains from Available to Used list. Ensure that the chains are assigned to the appropriate group of users in Roles & Groups of the Chains section
  5. Click Client > Add
  6. Specify an IP address or FQDN of the VMWare Horizon View Connection Server
  7. Specify a secret and confirm it
  8. Set Enabled to ON
  9. Click Save in Client
  10. Click Save in Events

Configure the VMWare  Horizon View Connection Server

  1. Sign-in to the VMware Horizon View Administrator portal
  2. Click View Configuration
  3. Click Servers
  4. Click Connection Servers
  5. Select the Connection Server you like to configure for Advanced Authentication
  6. Click Edit
  7. Click Authentication
  8. Under Advanced Authentication select RADIUS as 2-factor authentication method
  9. Enable Enforce 2-factor and Windows user name matching
  10. Enable Use the same user name and password for RADIUS and Windows authentication
  11. Click Manage Authenticators…
  12. Click Add….
  13. Set a Labelg. login.company
  14. Set a Descriptiong. AAF Radius Server
  15. Set Hostname / Addressg. 192.168.100.99 or FQDN of your AAF server
  16. Leave Authentication port default (1812)
  17. Set Accounting port to 0 (this is important as AAF RADIUS seems not to support Radius accounting)
  18. Leave Authentication type default (PAP)
  19. Set Shared secret to the same value you defined in the AAF RADIUS settings
  20. Change the Server timeout g. 20 seconds
  21. Finalize the authenticator settings
  22. Select your new Authenticator

 
Assign Emergency Password for a specific user

The Emergency Password method allows the Helpdesk to assign an Emergency Password for a specific user in case he’s not able to use the defined method / chain.

Because the Emergency Password method is the first method in the chain the helpdesk can set a password for a specific user allowing to login with that password as 2nd factor.

  1. Open the Advanced Authentication Helpdesk portal (https://myaafserver.com/helpdesk)
  2. Select the user
  3. Create and assign a password and define max. logins and validity time range
  4. Communicate the user the password

Test and enjoy 2-Factor authentication 😊

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading...

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: whenz
Sep 7, 2018
2:18 pm
Reads:
334
Score:
Unrated
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow