Hello,
I have 3 vIDM with two-factor authentication (RADIUS server) only for external users.
Internal users connect directly to my Connection Servers with Teradici (Wyse) zero clients, and that is OK. Internally, we don't use vIDM with two-factor authentication.
I installed two Access Points in the DMZ as reverse proxies for vIDM and Horizon. It works, but if my external users try to connect directly from the Horizon Client, they get a prompt for AD authentication, without two-factor authentication, and after signing on to my Connection Server, they have access to resources.
For my external users only, I must allow access to VDI NOT DIRECTLY, only from Workspace ONE.
On the Access Point, is proxyPattern maybe the solution? Or is there another solution? Do you have any idea?
Sorry for my English!!
Thanks,
In order to support the internal zero clients with just AD password authentication you can use dedicated Connection Servers just for internal users.
You then have other Connection Servers dedicated for external users. These can be configured for optional SAML and for RADIUS authentication.
This will then support external users via vIDM with RADIUS authentication from vIDM. This is with the "external" Connection Servers.
External users just using Horizon client with RADIUS from "external" Connection Servers.
Internal users via "internal" Connection servers with just AD password authentication.
All Connection Servers are part of the same POD. It's just that some are configured for external use and some for internal.
Mark
Kindly check the below parameters
1. Need to check if configuration is correct. Reference http://pubs.vmware.com/identity-manager-27/topic/com.vmware.wsp-administrator_27/GUID-E355D9DD-54F4-...
2. Add RADIUS authentication to the default access policy in the desired order.
3. Check if any network ranges have been defined.
Thank you markbenson,
I added 2 Connection Servers with the SAML portal set to "require" for external users. On my Access Point I configured the Horizon proxy with the vIP HLB for these 2 Connection Servers.
For internal users, I have 2 Connection Servers with the SAML portal set to "authorized"; my users connect directly through another vIP HLB for these 2 Connection Servers.
It's good. My external users don't connect directly, except if they connect with vIDM. And internal users connect directly with zero clients.
Seb,