How to set up 2 factor authentication in Horizon View using Google Authenticator – Part 2

Adding the RADIUS Server to the Connection Broker.

I always recommend using the Unified Access Gateway, even for internal-only deployments, and adding the first challenge of the 2FA there. However, we can add it to the connection broker if needed. The following is done via the HTML interface; that is where the admin console is heading, so you might as well get started now. The next post will cover how to add it to the Unified Access Gateway.

  1. Log in to your connection broker at https://<connection>/newadmin/
  2. Expand Settings and click on Servers and Connection Servers.

  3. Select the connection server and click Edit.
  4. Select Authentication and scroll down to Advanced Authentication.
  5. Under Advanced Authentication:
    1. For 2-factor authentication select RADIUS.
    2. Tick Enforce 2-factor and Windows user name matching.
    3. Under Authenticator, select Create New Authenticator.

  6. Fill in the blank and required details. There is no real need to change the defaults:
    1. Label – Give it a name like Centos 2FA.
    2. Hostname/Address – hostname of the 2FA server we built in Part 1.
    3. Shared Secret – We defined this in Part 1 as the secret in the client.conf file.
  7. Click Next.
  8. Add in the details of a second server (if created).
  9. Click Finish.
  10. Select the Authenticator you just created.
  11. Select OK.

The next time a user tries to log in to the connection broker to get a desktop, they’ll be prompted for their 2FA key.

 

5 thoughts on “How to set up 2 factor authentication in Horizon View using Google Authenticator – Part 2”

  1. Do you mind if I quote a few of your articles as long as I provide credit and sources back to your website?
    My blog is in the very same niche as yours and my visitors would certainly benefit from some of the information you present here.
    Please let me know if this is okay with you. Thanks!

  2. Thank you for all your information!
    I read and followed your procedure.
    However, I get an “Access Denied” message when connecting to Horizon with my AD account. Do you have an idea?
    Thank you

    1. Hi Michael,

      There could be a few reasons. I would look at the following:
      1. Are you using the full AD name: \?
      2. Double check DNS and NTP
      3. Does “realm list” on the Linux box give you the domain details?

      I’ll spin up a fresh copy in my lab and see if I can replicate the error.

      1. Hi Carel,
        1. I tried with the full AD name (domain\user, user@domain and only username)
        2. After checking, yes, DNS and NTP are correct
        3. The realm list gives me all the details from the AD

        OK, I'll wait for your information if you can replicate the issue.
        Thank you for your time.
