inWebo MFA can be enabled as an authentication layer combined with VMware Unified Access Gateway (UAG) to verify users’ identities before they access the application server protected through Radius protocol.
VMware UAG is now configured with the inWebo’s radius servers informations.
3.2 Apply Radius Authentication
Next step is to protect VMware UAG access with radius authentication against inWebo radius servers.
In the “General Settings” menu, in the section “Edge Service Settings”, click on “SHOW”
Then enter the “Horizon Settings” menu
At the bottom of the new page, click on “More”, to display extra settings fields
Select “RADIUS” as the“Auth methods”,
With this option the authentication will be done in 2 steps by default:
First step - inWebo MFA authentication : A first login page with a login and password field to perform the Strong Authentication based on Radius.
This first page will display the previous “passphrase hint” configured in your Radius settings. Your users will need only to enter their login, they do not have to enter anything in the password field at that step.
Second step - password authentication: A second login page with a login and password field to perform standard authentication
Your users needs to enter their login and password.
Then you can “Save” the configuration at the bottom of the page.
Warning: that will apply inWebo Strong authentication based on Radius, be sure to have at least an enrolled and valid inWebo token (mobile or desktop) and still have local access to your UAG in case of issue.
3.3 Extra configuration - not mandatory:
VMWare UAG let you modify the login page customer journey (2 steps) with some specific options (not mandatory
You can activate the setting “Match Windows Username” so your users will not have to enter their login on second step. They will enter their login only in step 1
4 Test the 2 steps authentication
Settings: “Match Windows Username” set at ON
To perform a test, you will need to have an active user with at least a valid token (mobile, pc token). We will perform the test with the VMware Horizon HTML Access (you can do it on the Horizon Client as well)
Launch a browser and open your UAG portal url
Step 1- Strong authentication : Enter your login and leave the password field blank. Click on login.
You can see into the label the “passphrase hint” configured previously in your Radius configuration.
(You can also manualy generate an OTP and paste it into the password field if you don’t want to use the push notification mechanism)
Then, as a step 2, you will have to enter your password to be connected. Your login is already filled with the login of Step 1 (“Match Windows Username” at ON)