RE: Using 2 factor authentication with Active Directory

Wed, 04 Mar 2020 12:42:27 -0800 

This is magical. Thank you

-----Original Message-----
From: drhy <[email protected]>
Sent: Wednesday, March 4, 2020 2:52 PM
To: [email protected]
Subject: Re: Using 2 factor authentication with Active Directory

We are using 2 factor authentication for all access outside of our secure 
offices. The 2FA is Microsoft Azure MFA for all access except our IIS extranet 
which uses the installed Microsoft Authentication Server (previously 
"PhoneFactor"), and both methods use the Microsoft Authenticator app on iOS and 
Android.

The latest 1.1.0 version of Guacamole is providing a very performant means of 
securing RemoteDesktop access to Microsoft Windows computers and Windows 
Servers, so we no longer need to allow users direct access to RDP from outside 
our secured offices. Our Guacamole server is accessing our Windows Network 
Policy Server ("NPS") which is authenticating against Windows Active Directory. 
Installing the Azure MFA plugin into NPS triggers Azure MFA authentication 
before a user is fully authenticated.

We also use Azure AD Connect to sync the AD to Azure AD for Office 365 
authentication, which is configured to use Microsoft MFA.

As an aside, our VPNs  authenticate against the same NPS, therefore also using 
Azure MFA authentication.

Notes on what we've done can be found in the post:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Guacamole-1-1-0-with-MySQL-Radius-and-https-Step-by-step-tp7151.html

-David



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


________________________________

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please disregard. This message may 
contain confidential information and is intended only for the individual named.

For more information about our privacy policy and how we process data, please 
visit our website and use the Privacy Notice link located on the main page.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to