Forum Discussion
merter_319420
Nimbostratus
NimbostratusView 1.5.5 iApp Access Policy with Microsoft Network Policy Server (NPS) and Azure MFA
Hello,
Has anyone set up the VMware Horizon View 1.5.5 iApp to do multi-factor authentication against Azure MFA? We are working through a POC, but have yet to find a full setup guide for this u...
Doug_Walton_354Nimbostratus
NimbostratusI've just done the BIG-IP (13.1)/NPS RADIUS client/Azure part but not the Horizon/iAPP part
These were the most useful resources for me;
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
Doug_Walton_354Nimbostratus
NimbostratusHere is what works for me;
Network Policy
New policy = Grant Access Condition = IP of F5 (check if its your inside interface or floating IP) Access = Grant Authentication = MS-CHAPv2 Framed-Protocol = PPP Service-Type = Framed BAP Percentage of Capacity = Reduce Multilink if server reaches 50% in 2 minutes
*Most of these were default
Connection Request Policy
New policy Conditions = NAS Identifier (Name of your F5 NAS identifier that you may have set in your radius profile) Setting = Authentication Provider (Local Computer)
On the Azure side I'm just using a conditional policy that says, if user is in AD group then do MFA. I'm only using it for remote access at this point.