For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mike_61719's avatar
Mike_61719
Icon for Cirrus rankCirrus
Jul 09, 2014

In the first scenario, you install the two-factor software on the RDS server. It will send a call to the device or database used for two-factor authentication. In this case, similar to phone factor or using the azure cloud.

 

In the second case, you will setup APM login: Username, Password (AD usually) and Two-factor authentication token. You're basically authenticating at the APM level rather than on the RDS server.

 

I like the RSA token guide: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/6.html

 

http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm_authentication_config_11_0_0/_jcr_content/pdfAttach/download/file.res/apm_authentication_config_11_0_0.pdf

 

  • evegter_163099's avatar
    evegter_163099
    Icon for Nimbostratus rankNimbostratus
    Jul 10, 2014
    thanks! I'll read the docs and see where that takes me. The phonefactor solution (now MS) that uses the Azure MFA server as Radius proxy in combination with the RDS Gateway is basically what we'd like but not accepted because of availability/coverage reasons for SMS like token exchange by the customer so we need to get the solution to work with hardware tokens.