Acceptto MFA for VMware Horizon®

Introduction

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only you know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. VMware Horizon provides end-users access to all of their virtual desktops, applications, and online services through a single digital workspace. Acceptto offers a simple method for adding MFA to ‘VMWare Horizon™’ via its RADIUS solution.

Pre-Requisites
  1. An Acceptto Appliance connected to your user directory (for example Microsoft ‘Active DirectoryTM’).
  2. A user with administrative privileges for the Acceptto Appliance.
  3. The user population that is going to be authenticated via Radius must be enrolled in the It’s Me Application.
  4. A user with administrative privileges for VMWare Horizon.
Configure the Acceptto Appliance RADIUS interface
  1. Login to the Acceptto Appliance admin panel with an administrative account, select RADIUS, and enter the following values.
  2. Appliance Radius settings
    • NetBIOS domain - The NetBIOS name of your domain.
    • Assigned Computer Name - The name to attribute to RADIUS in theComputers section of your Active Directory
    • REALM - Usually equal to the domain portion of your Active Directory fully qualified domain name.
    • MFA Active Directory Group - The LDAP group that will contain the users subject to MFA.
    • MFA Login message - The message show to your users in the It’sMe mobile application.
    • Radius eGuardian UID - An application UID provided to you by your Acceptto representative, or configured by you in the eGuardian admin panel.
    • Radius eGuardian Secret - An application Secret provided to you by your Acceptto representative or configured by you in the eGuardian admin panel.
  3. Click on Save Changes.
Configure Horizon Connection Server
  1. Sign in to the Horizon Administrator Console.
  2. Navigate to View Configuration > Servers and Connection Servers.
  3. Highlight the connection server that you want to protect and click Edit.
  4. In the dialog window, select the Authentication tab. Scroll down to the Advanced Authentication section and select RADIUS in the 2-factor authentication drop-down list.
  5. Enable both Enforce 2-factor and Windows user name matching and Use the same user name and password for RADIUS and Windows authentication.
  6. Choose Create New Authenticator in the Authenticator drop-down list and fill the form based on the following table. Then, click Next and OK.

  7. Label An optional name for this authenticator
    Description An optional description of this authenticator
    Hostname/Address IP or Name of Acceptto RADIUS Agent configured in the previous section
    Authentication port The RADIUS port (default is 1812)
    Accounting port 0
    Authentication type PAP
    Shared secret The RADIUS secret you configured in the previous section
    Server Timeout 60

Test your setup
  1. Launch VMware Horizon Client, initiate a connection to the Server and enter your primary credentials.
  2. Your It’sMe app shows a notification, and after verification, access is provided to your virtual desktop environment.
Support

If you require assistance, please email us at support@acceptto.com

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the Acceptto Corporation.

VMware and ‘VMware Horizon are either registered trademarks or trademarks of VMware and/or one or more of its subsidiaries in the United States and/or other countries.

Microsoft and 'Active Directory' are either registered trademarks or trademarks of Microsoft and/or one or more of its subsidiaries in the United States and/or other countries.