Unsolved
This post is more than 5 years old
2 Posts
0
5072
vWorkspace 7.2 Integration with TFA - RSA Authentication Manager 6.x
Hi,
We have vWorkspace 7.2 SecureIT (SSL Gateway) in DMZ , published on Port 443. We have the WebIT also on the same server.
Now we want to integrate RSA SecurID with the same? How to achieve this..? I could not find any document in Quest site for this particularly.
Also if we want to do TFA for certain group of people only and for rest of the users do a normal AD authentication... is it possible..?
Please give some pointers.
Rgds
Sarva
DELL-Terry L
29 Posts
0
March 12th, 2011 00:00
Sarva,
Within the vWorkspace download installation package is a Documentation Folder. Configuring two-factor authentication is covered in the vWorkspace Web Access Guide beginning on page 23.
Initially, we integrated directly, at the dll level, with several TFA vendors. However today, the industry seems to have consolidated on using their own integrated Radius Server to facilitate 3rd-party integrations. Today, that's how we support a variety of TFA vendors and specific configurations and vendors, including RSA, are described in the Web Access Guide.
Technically, when configured, we add a TFA token field in addition to the normal username, password, and domain fields. Before AD authentication is performed, the TFA token is authenticated against it's infrastructure server. If successful, the user is then authenticated against AD by the broker. If the token fails authentication, the user is denied access to follow-on processing. Because of this configuration, when TFA is enabled, it applies to everyone using the web site.
To support the use case you describe, you could install multiple web access web portals with separate URLs for authentication with, and without TFA. Support once had documentation describing procedures for installing/creating multiple IIS sites on a single web server but I haven't checked recently if it's been updated for the current IIS installations.