× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

Re: Centrify Identity Service and MFA for VMware Horizon View 7

Centrify Identity Service and MFA for VMware Horizon View 7

By Centrify Contributor III on ‎10-13-2016 04:58 AM - last edited ‎10-14-2016 11:41 AM

Centrify Identity Service and MFA for VMware Horizon View 7

 

This post covers how to configure VMware Horizon View 7 for RADIUS to enable Multi Factor Authentication via Centrify Identity Service v16.9.   It documents with screen shots the configuration and the testing in three sections:

 

  1. Configuration of RADIUS and a Security Policy in Centrify Identity Service.
  2. Configuration of RADIUS to work with Centrify Cloud Connector in VMware Horizon View 7
  3. The end user’s experience when testing.

 

As follows are the items that should already be in place in your environment:

 

  • Horizon View installed and configured to enable Access by users utilizing their Active Directory Credentials. Know the IP Addresses or FQDN for the Horizon View Connection Server.
  • Centrify Identity Service already installed and configured for your environment for which you should have at least one cloud connector, in production it is preferable to have two or more cloud connectors. For more information on setting up Centrify Identity Service, please see  http://community.centrify.com/t5/Centrify-Identity-Service/Centrify-Identity-Service-Technical-Resou....
  • Administrator credentials for Horizon View and sysadmin credentials for your Centrify Identity Service

 

 

  1. Configuration of RADIUS in Centrify Identity Service:

 

  • Cloud Manager-->Settings-->Authentication-->RADIUS Connection

On the “Clients” tab, configure the Horizon View Connection Server as a RADIUS client by clicking the add button. Specify the information in the menu as the screen shot indicates:

 

 Screen Shot 2016-10-07 at 5.09.46 PM.png

 

  • Cloud Manager -->Settings —> Network —> Cloud Connectors

Double-Click on your preferred cloud connector for the test in order to modify the configuration. Click on RADIUS on the left as shown in the screen shot below, and Check the box to “Enable incoming RADIUS connections. The default port is 1812, this should match the RADIUS PORT as specified in Horizon View as well.

 

 Screen Shot 2016-10-07 at 2.26.22 PM.png

  • Cloud Manager --> Settings --> Authentication -->Authentication Profiles:

Click the Add Profile Button and then choose the methods of authentication that are supported in your environment and click OK. Remember the name of the Authentication Profile, as we will use it in a later step.

 

Screen Shot 2016-10-07 at 2.28.42 PM.png

 

 

  • Cloud Manager -->Policies

Click the Add Policy Set button to add a policy for your Horizon View Users.

  • Click on Policy Settings on the left, to specify the settings as shown in the screen shot. Note that you have the option to apply this policy to only specify roles of users, however in our configuration we applied it to all users and devices.

Screen Shot 2016-10-07 at 2.30.37 PM.png

 

  • Then on the left expand User Security Policies and select RADIUS to allow RADIUS Connections and specify the Authentication Profile from a previous step and click Save.

 Screen Shot 2016-10-07 at 3.14.28 PM.png

 

*Note that we are assuming that this policy is specific to RADIUS and that you  have other security policies configured and applied where needed.

 

  1. Configuration of RADIUS to work with Centrify Cloud Connector in VMware Horizon View 7.

 

  • Login to your VMware Horizon 7 Administrator with your Administrator Credentials

 

Screen Shot 2016-10-07 at 3.23.18 PM.png

 

  • In the left frame, under the Inventory section, expand “View Configuration” and select “Servers” as shown in the screen shot below. Then in the right frame, select the “Connection Servers” tab.
  • Highlight your preferred HORIZONVIEW connection server and click on the “Edit…” button.

Screen Shot 2016-10-07 at 3.29.40 PM.png

 

  • On the “Edit Connection Server Settings” menu, select the “Authentication” tab.
    • Under Advanced Authentication, select “RADIUS” from the pull down menu for “2-factor authentication”. And then choose the check box for “Use the same user name and password for RADIUS and Windows Authentication”.
    • Then for Authenticator, choose “Create New Authenticator from the pull down menu.

Screen Shot 2016-10-07 at 3.45.36 PM.png

 

 

  • Specify the Primary Authentication Server similar to the screen shot,
    • The Primary Authentication Server hostname/address is the Centrify Cloud Connector machine for your tenant.
    • Specify the “PAP” authentication type as shown below.
    • Specify the same “shared secret” that you specified in the Cloud Manager-->Settings-->Authentication-->RADIUS Connection previously.
    • Specify a Secondary Authentication Server if you have an additional Centrify Cloud Connector you want to use, and then click the “OK” button.

Screen Shot 2016-10-07 at 5.04.08 PM.png

 

 

  1. The end user’s experience when testing.

 

  • The user goes to VMware Horizon login page, and enters his/her Active Directory Credentials.

Screen Shot 2016-10-13 at 7.42.29 AM.png

  • The user is then prompted for multiple factors, and chooses one of the factors:

Screen Shot 2016-10-13 at 7.42.42 AM.png

  • The user completes authentication with the chosen factor, and is granted access to VMware Horizon.

 

 

For more information on Centrify MFA options, please see https://www.centrify.com/solutions/why-multi-factor-authentication/.

 

Comments
By Centrify Advisor III
on ‎10-18-2017 09:33 AM

Works for both the web and thick client.

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel