Direct Access 2-Factor Authentication Issues

  • Question

  • We currently have UAG direct access set up, and it's working great.  

    Now we are trying to integrate an out-of-band 2-factor authentication solution (phonefactor).  All I need for it to work is a RADIUS call to the phonefactor server, and it will send a phone call or OTP to the user's phone to complete the login.

    I have it working perfectly with a UAG trunk / portal, but can't get it to work with Direct Access.  I went through the 2-factor OTP setup in the DA console, but it's asking for the OTP before contacting the RADIUS server.  I need it to contact the RADIUS server first in order to generate the OTP and send it to the user.

    Is there any way to make that happen?

    Friday, September 14, 2012 3:03 PM

All replies

  • Direct Access via UAG only works with 2-factor authentication systems that already know the passcode before you log in.

    You cannot send two separate authentication requests (RADIUS access challenge) to Direct Access.

    Have you looked at SecurEnvoy, http://www.securenvoy.com? They pre-load the required passcode via SMS to get round this issue.

    I also noticed they have an integration guide for UAG:

    http://www.securenvoy.com/integrationguides/microsoft%20uag%20integration.pdf

    Hope this helps,

    Andy

     

    AndyK

    Thursday, September 20, 2012 1:39 PM
  • Hi

    There is a much better and simpler way to add authentication with Direct Access, and that is to use the TPM chip (you already have it). Not only do you get additional security, but it requires no user intervention.

    Let me know if you want further information on this.

    Thx

    Tuesday, July 16, 2013 8:50 AM
  • Hi

    Can you please send me the information on using TPM with UAG?

    Sorry to resurrect such an old thread.


    Regards, Gordie

    Thursday, January 9, 2014 1:56 PM