Skip to main content

VMWare Horizon

Introduction#

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

RADIUS is a protocol commonly used to authenticate, authorize, and account for user access and actions. Acceptto offers a simple solution for adding MFA to VMware Horizon via its Radius solution. This document is a step-by-step guide to connect your VMware Horizon structure to the Acceptto Radius agent.

Pre-Requisites#

  1. An Acceptto RADIUS Agent that is configured and connected to your user directory (for example Microsoft™ ‘Active Directory™’) (See this page for the instructions).
  2. A user with administrative privileges for the VMware Horizon Connection Server.

Configure the Acceptto RADIUS Agent#

To integrate Acceptto with your VMware Horizon structure, you will need to install an Acceptto RADIUS Agent on a machine within your network. This server will receive RADIUS requests from your Horizon server, check with LDAP server to perform primary authentication, and then contact Acceptto cloud service for secondary authentication.

  1. Log into the Acceptto RADIUS Agent with an administrative user and open the radius-agent-config.env file with an editor. It is located in the installed directory of RADIUS Agent. RADIUS clients are configured in this setting.

    Acceptto radius configuration

  2. Go to the bottom of radius-agent-config.env file and change the ARA_CLIENTS attribute as follows. The values should be separated by semicolons (;).

    ARA_CLIENTS = An optional name for your Horizon; IP address of your Horizon server; a shared secret

    An example configuration might look like this:

    ARA_CLIENTS = Horizon;192.168.10.10/32;testing12345

    Acceptto radius configuration

  3. Save the file and run the following command to set changes:

    docker-compose down && docker-compose up -d

Configure VMware Horizon Connection Server#

  1. Sign in to the Horizon Administrator Console.

  2. Navigate to “Servers” and then “Connection Servers”.

  3. Click Edit.

    VMWare Servers

  4. In the dialog window, select the Authentication tab. Scroll down to the "Advanced Authentication” section.

    Advanced Authentication

  5. Select RADIUS in the "2-factor authentication" drop-down list. Enable both “Enforce 2-factor and Windows user name matching” and “Use the same username and password for RADIUS and Windows authentication”.

    2-Factor Authentication

  6. In the Authenticators section, select “Create New Authenticator” and fill the form based on the following table. Type a name of your choice for Authenticator Name.

    Add Radius Authenticator

  7. Click Next and fill the rest of fields regards to the below table:

    Hostname/Address: IP/Name of Acceptto RADIUS Agent configured in the previous section

    Authentication port: The RADIUS port (default is 1812)

    Accounting port: 0

    Authentication type: PAP

    Shared secret: The RADIUS secret you configured in the previous section

    Server Timeout: 60

Secondary authentication server

Test your setup#

  1. Launch the VMware Horizon Client. Initiate a connection to the Server and enter your primary credentials.

VMWare login form

  1. Your It’sMe app will show a notification. After verification, access will be provided to your virtual desktop environment.

Acceptto It'sMe transaction

Virtual desktop environment icon

Support#

If you require assistance, please email us at support@acceptto.com

Sales#

Want to learn more about our MFA solutions? Contact our Professional Services for a Demo today.

Disclaimer#

All company, product and service names used in this document are for identification purposes only. Use of these names, trademarks, and brands does not constitute an endorsement by the Acceptto Corporation.