A Remote Desktop Gateway-based infrastructure relies on NPS to authenticate users. The following steps are necessary to configure NPS to use inWebo RADIUS servers to authenticate users with multi-factor authentication in addition to the traditional login / password.
InWebo connections must respect the following format: Domain\sAMAccountname.
Install the Remote Desktop Gateway infrastructure and required roles:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-deploy-infrastructure
How to configure inWebo to accept authentication requests issued by NPS
On the inWebo management console
Fill in the “IP Address” field with the IP of the public interface of your device (or NAT address if behind a firewall).
Enter the “secret” configured previously on NPS.
Validate your connector configuration by pressing the “Add” or “Update” button.
Point to be noted: “Any configuration or modification made to your RADIUS connector will be applied at the start of the next hour”.
How to configure inWebo RADIUS servers on NPS
In the NPS MMC (Microsoft Management Console),
In the “TS GATEWAY SERVER GROUP” Properties window,
In the “Add RADIUS Server” window
On the "Address" tab
RADIUS recommended addresses and pair configuration
In most RADIUS client configurations, you will have to choose one of the following pairs of RADIUS servers to have failover:
On the "Authentication / Accounting" tab
In the “Load Balancing” tab, change the timeout as follows.
(For more details: check the following documentation:
Repeat both operations to add a secondary server. Setting the same Weight and Priority will implement load balancing between both servers.
How to configure NPS policies to forward authentication requests to inWebo RADIUS servers
In NPS MMC,
navigate to "NPS (local)> Policies> Connection request policies"
Double click on "TS GATEWAY SERVER GROUP" to modify it.
In the “TS GATEWAY AUTHORIZATION POLICY" Properties
In the “Settings” tab,
go to the “Authentication” section
select “Forward requests to the following remote RADIUS server group for authentication”.
Make sure that “TS GATEWAY SERVER GROUP” is selected.