7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
Setting Up Two-Factor Authentication 6
You can configure an Access Point appliance so that users are required to use RSA SecurID authentication or
RADIUS (Remote Authentication Dial-In User Service) authentication.
Because two-factor authentication solutions such as RSA SecurID and RADIUS work with authentication
managers, installed on separate servers, you must have those servers configured and accessible to the
Access Point appliance. For example, if you use RSA SecurID, the authentication manager would be RSA
Authentication Manager. If you have RADIUS, the authentication manager would be a RADIUS server.
To use two-factor authentication, each user must have a token, such as an RSA SecurID token, that is
registered with its authentication manager. A two-factor authentication token is a piece of hardware or
software that generates an authentication code at fixed intervals. Often authentication requires knowledge
of both a PIN and an authentication code.
You can also set up authentication so that Access Point requires SecurID or RADIUS authentication but then
authentication is also passed through to the Horizon server, which might require Active Directory
authentication. To configure this type of chained authentication, see the authMethods property, described
in “Configuration Settings for Edge Services,” on page 34.
NOTE For VMware Identity Manager, authentication is always only passed through Access Point to
VMware Identity Manager. You can configure two-factor authentication to be performed on the Access
Point appliance only if Access Point is being used with Horizon 6, Horizon 7, or Horizon Air Hybrid-mode.
This chapter includes the following topics:
n
“Configure RSA SecurID Authentication on the Access Point Appliance,” on page 61
n
“Configure RADIUS Authentication on the Access Point Appliance,” on page 63
Configure RSA SecurID Authentication on the Access Point Appliance
On the Access Point appliance, you must enable RSA SecurID authentication, copy in the contents of the
configuration file for the RSA SecureID server, and change the authentication type to RSA SecurID
authentication.
Prerequisites
n
Verify that the server to be used as the authentication manager server has the RSA SecurID software
installed and configured.
n
Export the sdconf.rec file from the RSA Secure Authentication Manager server. See the RSA
Authentication Manager documentation.
VMware, Inc.
61