VMware UAG: configure Azure MFA (SAML)


To secure external access to Horizon, you can configure the UAG with Azure MFA by leveraging the SAML-based authentication feature.

The latest Unified Access Gateway (UAG) versions provide a SAML-based multifactor authentication feature that makes the authentication process stronger by using MFA solutions such as Azure MFA.

Prerequisites

To configure Azure MFA for the Unified Access Gateway, you need to meet some prerequisites:

  • An Azure license that includes the MFA feature.
  • A working Azure AD Connect to synchronize the on-premises Active Directory users into Azure Active Directory.
  • Azure MFA must be enabled for users or groups.

Configure the Azure environment

Log in to your Azure portal using the global administrative account. Click the Azure Active Directory icon.


Make sure you have the correct Azure license to leverage MFA capabilities. Select Enterprise application.


Click New Application.


Select Non-gallery application.


Enter the Name for the new application and click Add.


This article was written for the StarWind blog and can be found on this page. It covers the full procedure to configure Azure MFA (SAML) for the VMware UAG used for external access to the Horizon infrastructure.

Access the Horizon infrastructure

After configuring Azure MFA, access the Horizon Portal and select the preferred client to access the infrastructure.


Enter the user previously configured and click Next. The user is authenticated in Azure.


Enter the password and click Sign in.


You are now prompted to enter the password for the Active Directory authentication. Click Login. Because TrueSSO is not configured in this example, you need to enter the password twice even if the same user is used for Horizon and Azure AD.


The user is authenticated and granted access to the Desktop Pool to which they have been entitled.


Integrating Microsoft Azure MFA with VMware UAG allows administrators to add an extra layer of security for access to the Horizon infrastructure, and new deployments should include MFA, especially for external access.

Read the full article on the StarWind blog.
