For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

evegter_163099's avatar
evegter_163099
Icon for Nimbostratus rankNimbostratus
Jul 08, 2014

Hi Mike, thanks for the reply. When you say "the two-factor authentication within the RDS server itself", how exactly do you mean that? What kind of implementation of 2FA does RDS provide? I know the RDS Gateway server uses NPS as authentication and authorization layer and that can also redirect login to Radius with AD-user mapping etc but I have not implemented anything like that yet and wonder how the integration and SSO with WebAccess would be and when/how exactly the user would get prompted for the OTP key in that scenario. So I was hoping an enterprise Reverse Proxy/Loadbalancer like F5 would provide this kind of AD+OTP 2FA feature out of the box. The document "f5-microsoft-remote-desktop-services-dg.pdf" doesn't mention it so a multi-scenario document would be nice ;)

 

Your remark "In other cases, you have the two-factor authentication at the APM login level and do the radius authentication up front" basically sounds like what we have in mind. Do you know of any documentation that describes this?

 

Many thanks, Eric