Direct Access 2-Factor Authentication Issues
Friday, September 14, 2012 3:03 PM
We currently have UAG direct access set up, and it's working great.
Now we are trying to integrate an out-of-band 2-factor authentication solution (PhoneFactor). All I need for it to work is a RADIUS call to the PhoneFactor server, and it will send a phone call or OTP to the user's phone to complete the login.
I have it working perfectly with a UAG trunk / portal, but can't get it to work with Direct Access. I went through the 2-factor OTP setup in the DA console, but it's asking for the OTP before contacting the RADIUS server. I need it to contact the RADIUS server first in order to generate the OTP and send it to the user.
Is there any way to make that happen?
All Replies
Thursday, September 20, 2012 1:39 PM
Direct Access via UAG only works with 2-factor authentication systems that already know the passcode before you log in.
You cannot send two separate authentication requests (RADIUS Access-Challenge) to Direct Access.
Have you looked at SecurEnvoy (http://www.securenvoy.com)? They pre-load the required passcode via SMS to get round this issue.
I also noticed they have an integration guide for UAG:
http://www.securenvoy.com/integrationguides/microsoft%20uag%20integration.pdf
Hope this helps,
Andy
AndyK
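
The difference the reply describes, between a passcode known before login and one issued through a RADIUS Access-Challenge, shows up in the code byte of the server's reply. The following is an added example, not part of the thread and not vendor code: it parses a RADIUS reply (RFC 2865 layout) and reports whether a client that can send only one Access-Request could complete it. The packets, prompt text and State value are constructed, and the authenticator is zeroed, so they are not valid on a real wire.

```python
import struct

# RFC 2865 packet codes: 2 Access-Accept, 3 Access-Reject, 11 Access-Challenge
ACCEPT, REJECT, CHALLENGE = 2, 3, 11
ATTR_REPLY_MESSAGE = 18   # text the client shows to the user
ATTR_STATE = 24           # opaque token that must be echoed in the second request

def build_packet(code, ident, attrs):
    """Build a sample RADIUS packet (constructed data, zeroed authenticator)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_packet(data):
    """Return (code, ident, {attr_type: value}) after validating every length."""
    if len(data) < 20:
        raise ValueError("shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, attrs

def classify(data):
    """Tell whether a single-request client can finish with this reply."""
    code, _, attrs = parse_packet(data)
    if code == ACCEPT:
        return "accept: one round trip, passcode was known up front"
    if code == REJECT:
        return "reject"
    if code == CHALLENGE:
        prompt = attrs.get(ATTR_REPLY_MESSAGE, b"").decode("utf-8", "replace")
        has_state = ATTR_STATE in attrs
        return f"challenge: needs a second Access-Request (state={has_state}, prompt={prompt!r})"
    return f"unexpected code {code}"

# Constructed replies: pre-loaded passcode vs. passcode issued after the first request
PRELOADED = build_packet(ACCEPT, 7, [])
OUT_OF_BAND = build_packet(CHALLENGE, 7, [
    (ATTR_REPLY_MESSAGE, b"Enter the code sent to your phone"),
    (ATTR_STATE, b"sess-01"),
])
```

Run against a capture of the RADIUS server's reply during a failing login, a `challenge` result confirms the server expects a second request.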

