Deze Implementatie guide omschrijft de stappen die doorlopen moeten worden om VMware View te configureren met de 2-Factor Authenticatie 2FA oplossing 4TRESS AAA Server van ActivID ( voorheen ActivIDentity en ActivCard ) Heeft u nog geen ActivID dan is deze in de webshop te bestellen of kunt u een gratis express versie voor 10 gebruikers aanvragen.

Indien u liever niet zelf implementeerd kan Virtual Security dit voor u verzorgen.

ActivID gratis proberen ? Bestel ActivID

Make sure you are using VMware View Version 5.1 or Newer.

VMware View configuration


This chapter describes how to manage VMware View in radius context. When a user signs into the VMware View client, the VMware View server forwards the user’s credentials to this authentication server to verify the user’s identity. You will create one authentication server (an ActivIdentity 4TRESS AAA RADIUS Server) to validate the user’s one-time password generated by an ActivIdentity token.

1 : Create New Radius Server Instance

On the VMware View Administrator (from a Web browser, access View Administrator on the Connection Server using https://hostname/admin and log in) select View Configuration, then Servers, select the Connection Servers tab and then Edit to bring up the Edit View Connection Server Settings and select the Authentication tab.

 

2. Under Advanced Authentication choose, for 2-factor authentication, the RADIUS tab.

3. Under Select Authenticator select Create new Authentication, this opens the Add RADIUS Authenticator screen, this allows a Primary and Secondary RADIUS authentication servers to be configured, enter the following:

  •  Label: A label shown to clients

4. Under Primary Authentication Server section :

  • Hostname/Address: IP address of the 4TRESS AAA
  • Authentication Type: select RADIUS authentication type, use PAP for initial setup.
  • Shared secret: The shared secret, the same as entered on the 4TRESS AAA server

5. Complete the configuration for the RADIUS server and select Next

6. If there is a secondary RADIUS server then complete the settings for the secondary server and select

Finish.

 

Procedure 2: Additional Configuration Options

1. After authenticating to RADIUS, you may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported (for SMS authentication for example). For details on how authenticating with an Out-Of-Band SMS works, please refer to ActivIdentity 4TRESS AAA documentation.

2. In the admin configuration of RADIUS authentication under Advanced Authentication, if Enforce 2- factor and Windows user name matching is ticked then the Windows login prompt after RADIUS authentication will force the username to be the same as the RADIUS username and the user will not be able to modify this.

 

ActivIdentity 4TRESS AAA Configuration

This chapter describes how to configure the ActivIdentity 4TRESS AAA Authentication Server.

Procedure 1: Configure VMware Gate

A gate for the ActivIdentity 4TRESS AAA Server is a group of Network Access Servers (NAS) that is used to simplify administration. For configuration details, refer to ActivIdentity 4TRESS AAA Server technical documentation.

1. In the left pane of the Administration Console, expand the Servers line.

2. Right-click on the server to which you want to add a gate, and then click New Gate

1. Enter a Gate name (can be any string).

2. Select the option, RADIUS, corresponding to the protocol your VMware uses.

3. Use the Authorized IP addresses and host names section to specify filter(s) for the gate.

4. Click Add, and then click OK.

5. The ActivIdentity 4TRESS AAA Server uses the RADIUS shared secret to encrypt data between VMware

and the AAA authentication server. Click Shared Secret, and then modify the appropriate shared secret for

your system.

6. Click OK.

Note: Remember that you must have user groups created and the corresponding LDAP configured. For details,

refer to the ActivIdentity 4TRESS AAA Administration Guide.

1. To assign groups to the VMware Gate, in the left pane of the Administration Console, select the group that

you want to assign to the gate (for example All Users).

2. Use the Group / Gate Assignments section of the page that is displayed to the right to specify gate(s) for the

group’s users to utilize in order to access a protected resource.

3. Click Add.

4. Select the Gate, the AZ profile, and the AC profile.

5. Click OK.

6. Click Save (not illustrated), and then export the changes to the AAA Server(s) by clicking the flashing red button

ActivIdentity testen ?

 ActivID gratis proberen ?

Bestel ActivID