Friday, September 14, 2012 3:03 PM
We currently have UAG direct access set up, and it's working great.
Now we are trying to integrate an out-of-band 2-factor authentication solution (PhoneFactor). All I need for it to work is a RADIUS call to the PhoneFactor server, and it will send a phone call or OTP to the user's phone to complete the login.
I have it working perfectly with a UAG trunk / portal, but can't get it to work with Direct Access. I went through the 2-factor OTP setup in the DA console, but it's asking for the OTP before contacting the RADIUS server. I need it to contact the RADIUS server first in order to generate the OTP and send it to the user.
Is there any way to make that happen?
Thursday, September 20, 2012 1:39 PM
Direct Access via UAG only works with 2-factor authentication systems that already know the passcode before you log in.
You cannot send two separate authentication requests (RADIUS access challenge) to Direct Access.
Have you looked at SecurEnvoy, http://www.securenvoy.com, as they pre-load the required passcode via SMS to get round this issue?
I also noticed they have an integration guide for UAG.
Hope this helps,
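
The distinction drawn in the reply above, one-pass RADIUS versus a RADIUS Access-Challenge round trip, can be checked on the wire. The following Python is an added example, not part of the thread and not code from PhoneFactor, SecurEnvoy or UAG: it parses a RADIUS reply using the RFC 2865 packet layout and reports whether the server expects a second Access-Request. The function names and the sample packets are constructed for illustration.

```python
import struct

# RADIUS packet codes and attribute types as defined in RFC 2865.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_MESSAGE, STATE = 18, 24

def build_packet(code, ident, attrs, authenticator=b"\x00" * 16):
    """Encode a RADIUS packet from (type, bytes) attributes. Used only to construct samples."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    """Decode the header and attributes, rejecting truncated or malformed packets."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": code, "id": ident, "attrs": attrs}

def classify_reply(data):
    """Report whether a reply ends the login in one pass or needs a second Access-Request."""
    pkt = parse_packet(data)
    name = CODES.get(pkt["code"], "unknown")
    if pkt["code"] == 11:  # Access-Challenge: client must answer, echoing State
        state = next((v for t, v in pkt["attrs"] if t == STATE), None)
        prompt = next((v.decode("utf-8", "replace") for t, v in pkt["attrs"] if t == REPLY_MESSAGE), "")
        return {"reply": name, "single_pass": False, "state": state, "prompt": prompt}
    return {"reply": name, "single_pass": pkt["code"] in (2, 3), "state": None, "prompt": ""}

# Constructed sample replies (not captured traffic).
CHALLENGE = build_packet(11, 7, [(REPLY_MESSAGE, b"Enter the code sent to your phone"), (STATE, b"sess-01")])
ACCEPT = build_packet(2, 8, [])

if __name__ == "__main__":
    print(classify_reply(CHALLENGE))
    print(classify_reply(ACCEPT))
```

A reply classified with `single_pass` false is the challenge-response pattern that the reply above says Direct Access cannot complete.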