External Authentication with Windows 2016 Server with Remote Desktop Web Gateway with Single Sign On

Similar documents
SecurEnvoy Microsoft Server Agent Installation and Admin Guide v9.3

Microsoft Outlook Web Access 2016 Installation Guide

Checkpoint R80.10 Integration Guide (ASA)

Authentication API SecurAccess API Guide Version /18

Microsoft O365 Integration Guide

SecurEnvoy Windows Logon Agent Installation and Admin Guide v9.3 Including support for SecurPassword

RESTful API SecurAccess RESTful API Guide

SecurEnvoy Microsoft Server Agent

External Authentication with Windows 2008R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

SecurEnvoy Security Server 9.3 Installation Guide

External Authentication with Ultra Protect v7.2 SSL VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Checkpoint R77.20 Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix GoToMyPc Corporate Edition Authenticating Users Using SecurAccess Server by SecurEnvoy

Privileged Access Agent on a Remote Desktop Services Gateway

Two factor authentication for Microsoft Remote Desktop Web Access

Configuring Remote Access using the RDS Gateway

Authlogics Forefront TMG and UAG Agent Integration Guide

Amazon AppStream 2.0: SOLIDWORKS Deployment Guide

Integrating IBM Security Privileged Identity Manager with ObserveIT Enterprise Session Recording

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Status Web Evaluator s Guide Software Pursuits, Inc.

External authentication with Citrix Xen App (Web Interface) version 5 Authenticating Users Using SecurAccess Server by SecurEnvoy

SecurEnvoy Windows Login Agent

ServiceNow Deployment Guide

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

WDC RDS Connection for Android Users

Establishing two-factor authentication with Cisco and HOTPin authentication server from Celestix Networks

AWS Remote Access VPC Bundle

CUCM 8.x Configuration Manual for Arc Pro

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

Establishing two-factor authentication with Barracuda SSL VPN and HOTPin authentication server from Celestix Networks

ITCorporation HOW DO I INSTALL A FRESH INSTANCE OF ANALYZER? DESCRIPTION RESOLUTION. Knowledge Database KNOWLEDGE DATABASE

Agility 2018 Hands-on Lab Guide. VDI the F5 Way. F5 Networks, Inc.

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Azure MFA Integration with NetScaler

Integrating AirWatch and VMware Identity Manager

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Remote Desktop Services

Integrating VMware Workspace ONE with Okta. VMware Workspace ONE

Citrix Working Remotely Reference Guide

Windows Server 2012 Immersion Experience Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

Implementing Cross-Domain Kerberos Constrained Delegation Authentication An AirWatch How-To Guide

BusinessObjects Enterprise XI Release 2

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

Kerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1810

Workspace ONE UEM Notification Service 2. VMware Workspace ONE UEM 1811

Horizon Console Administration. 13 DEC 2018 VMware Horizon 7 7.7

NetExtender for SSL-VPN

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Copyright and Trademarks

ISA 2006 and OWA 2003 Implementation Guide

RED IM Integration with Bomgar Privileged Access

OneLogin Integration User Guide

Using the Terminal Services Gateway Lesson 10

Plug-in Guide Advanced Authentication- ADFS Multi- Factor Authentication Plug-in. Version 6.1

Deliver and manage customer VIP POCs. The lab will be directed and provide you with step-by-step walkthroughs of key features.

Enabling the Bullhorn and Calendar Integration with Google Apps

CUCM 7.x Configuration Manual for Arc Pro

Installation Guide Advanced Authentication- ADFS Multi- Factor Authentication Plug-in. Version 6.0

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

VAM. Radius 2FA Value-Added Module (VAM) Deployment Guide

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

RMS Cloud Setup Instructions for Windows Computers and Tablets

Microsoft ISA 2006 Integration. Microsoft Internet Security and Acceleration Server (ISA) Integration Notes Introduction

Administering Cloud Pod Architecture in Horizon 7. Modified on 4 JAN 2018 VMware Horizon 7 7.4

Installing and Configuring vcloud Connector

How to configure the UTM Web Application Firewall for Microsoft Remote Desktop Gateway connectivity

SurePassID Local Agent Guide SurePassID Authentication Server 2016

scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE

CUCM Configuration Guide for Arc Pro Covering CUCM Versions 7.x, 8.x, 9.x and 10.x

Load Balancing Microsoft Remote Desktop Services. Deployment Guide v Copyright Loadbalancer.org

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

BLUEPRINT TEAM REPOSITORY. For Requirements Center & Requirements Center Test Definition

Enabling Smart Card Logon for Linux Using Centrify Suite

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Sophos UTM Web Application Firewall For: Microsoft Exchange Services

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENSv2 for cloud and on-premises deployments

Amazon AppStream 2.0: Getting Started Guide

Administering Cloud Pod Architecture in Horizon 7. Modified on 26 JUL 2017 VMware Horizon 7 7.2

VMware Notification Service v2.0 Installation and Configuration Guide Configure ENS2 for cloud and on-premises deployments

Using Microsoft Azure Active Directory MFA as SAML IdP with Pulse Connect Secure. Deployment Guide

Privileged Identity App Launcher and Session Recording

How to Configure Connection Fallback using Multiple VPN Gateways

Microsoft Unified Access Gateway 2010

If your system administrator has set up MaxMobile deployment by , you will receive an with a link to the MaxMobile installation.

Comodo Certificate Manager

Administering View Cloud Pod Architecture. VMware Horizon 7 7.0

Ericom AccessNow for Microsoft RDCB

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

Device LinkUP + VIN. Service + Desktop LP Guide RDP

Pulse Secure Client for Chrome OS

Load Balancing Microsoft AD FS. Deployment Guide v Copyright Loadbalancer.org

Cloud Access Manager Configuration Guide

VMware Horizon Client for Chrome Installation and Setup Guide. 15 JUNE 2018 VMware Horizon Client for Chrome 4.8

Read the following information carefully, before you begin an upgrade.

Transcription:

External Authentication with Windows 2016 Server with Remote Desktop Web Gateway with Single Sign On Authenticating Users Using SecurAccess Server by SecurEnvoy

Remote Desktop Web Gateway 2016 Contents 1.1 SOLUTION SUMMARY... 3 1.2 GUIDE USAGE... 3 1.3 PRE-REQUISITES... 3 1.4 SUPPORTED TOKEN TYPES... 4 1.5 CONFIGURE THE MICROSOFT SERVER AGENT... 5 1.6 CONFIGURE A RADIUS CLIENT IN SECURENVOY SECURACCESS SERVER FOR MS RDS.... 6 1.7 CONFIGURE THE MICROSOFT SERVER AGENT FOR THE DEFAULT WEBSITE (OPTIONAL). 7 1.8 CONFIGURE THE MICROSOFT SERVER AGENT FOR RDWEB (OPTIONAL)... 8 1.9 CONFIGURE LOGOUT URL (OPTIONAL)... 9 1.10 CONFIGURE RDWEB ACCESS TEMPLATE (OPTIONAL)... 9 1.11 SINGLE SIGN ON (SSO) - CONFIGURING GROUP POLICY... 10 1.12 SSO - APPLYING GROUP POLICY... 12 1.13 TEST THE TWO FACTOR AUTHENTICATION... 13 04/18 2

1.1 Solution Summary SecurEnvoy s SecurAccess MFA solution offers Two Factor Authentication for remote access solutions, such as Microsoft Remote Desktop Services 2016. The software used for the integration process is listed below: Remote Desktop Services Microsoft Windows Server 2016 Microsoft Internet Information Services v10 SecurEnvoy SecurEnvoy SecurAccess Release v9.3.502 SecurEnvoy Microsoft Server Agent Release v9.3.502 1.2 Guide Usage The information in this guide describes the configuration required for integration with SecurEnvoy and common to most deployments. It is important to note two things: Every organization is different and may require additional or different configuration. Some configuration may have other methods to accomplish the same task than those described 1.3 Pre-requisites The following conditions are required to set up SecurEnvoy s MFA Solution: It is assumed that Remote Desktop Services and is authenticating with a username and password. SecurEnvoy Security Server has been installed with the Radius service and has a suitable account that has read and writes privileges to the Active Directory. If firewalls are between the SecurEnvoy Security server, Active Directory servers, and Remote Desktop Services, additional open ports will be required. Microsoft Server Agent has been installed as per the SecurEnvoy Microsoft Server Agent Installation and Admin Guide: https:///en-gb/support 04/18 3

1.4 Supported Token Types Token Type Supported Soft Token App Soft Token App Next code (Auto Resync) SMS Preload Code SMS Three Code SMS Day Code SMS Realtime SMS Preload Email Three Code Email Day Code Email Realtime Voice Call OneSwipe Push 04/18 4

1.5 Configure the Microsoft Server Agent Select the SecurEnvoy Servers tab. Configure your SecurEnvoy Server 1 IP address and Shared Secret. Once complete, press the Test Server 1. If result returns OK, click update. Select the RDWeb & RDGateway tab. For RD Gateway protection from a direct connection, check the check box for Enable 2FA Protection RD Web Access protection, check the check box for Enable 2FA Protection on Default Web Site / RDWeb. To enable RDP file signing, check the check box for Sign RDP Files and select the certificate assigned to your RD Gateway. Enter your Default NetBios Domain Name 04/18 5

1.6 Configure a RADIUS client in SecurEnvoy SecurAccess Server for MS RDS. Open the SecurEnvoy SecurAccess Admin console Navigate to the RADIUS tab Enter the IP address of the Microsoft Remote Desktop Services server and click on Add Type in a Friendly Name so that you can easily identify the server and the same shared secret that was entered into the Microsoft Server Agent in the previous step Click on Update 04/18 6

1.7 Configure the Microsoft Server Agent for the Default website (optional) Note This section of the guide is for manual configuration of the RD Web Access and is not required, if you have used the Microsoft Server agent in section 1.1. Launch the IIS management interface, either from Start, Administration Tools or from the Server Manager Expand the sites list on the navigation pane and select Default Web Site, then scroll down the centre panel and press the SecurEnvoy Two Factor icon. Enable the tick box to Enable Authentication On Site Default Web Site Click Apply when complete. 04/18 7

1.8 Configure the Microsoft Server Agent for RDWeb (optional) Select the virtual web site you want to protect. For RDWeb select RDWeb, scroll down the centre panel and select SecurEnvoy Two Factor Select the tick box Enable Authentication On /RDWeb Select Form Based Authentication (The Default) Click Apply to finish Cancel restart IIS when prompted. Note The virtual directory SecurEnvoyAuth is automatically set to the application pool RDWebAccess. This must be maintained for correct operation. 04/18 8

1.9 Configure Logout URL (Optional) In the Navigation pane, select top level host name (the 2nd line down). Scroll down the centre panel and press the SecurEnvoy Two Factor icon. Setup your required inactivity timeout. Add the logout URL logoff.aspx Restart IIS when prompted. 1.10 Configure RDWeb Access Template (optional) Copy the contents of RDWeb2012R2&2016 (C:\Program Files (x86)\securenvoy\microsoft Server Agent \SAMPLES) to C:\Program Files (x86)\securenvoy\microsoft Server Agent\WEBAUTHTEMPLATE, backing up existing files. From To 04/18 9

1.11 Single Sign On (SSO) - Configuring Group Policy Log into your Active Directory Domain Controller. Open Group Policy Management Console (gpmc.msc). Locate the relevant Group Policy object for your client computers, in this example Default Domain Policy. Right click it and select edit. Navigate to Computer Configuration Policies Administrative Templates System Credentials Delegation Right click and edit Allow delegating default credentials 04/18 10

Select Enabled and click on the Add servers to the list: Show button Enter the name of the server hosting the Remote Desktop Session Host in the below format. TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine. RECOMMENDED TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in.humanresources.fabrikam.com Note: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. 04/18 11

For Example: TERMSRV/WIN2016RDS.RICH.LOCAL Repeat for all Session host servers in your RDS farm and click on OK and then again on OK at the next screen. At the Allow delegating default credentials click on Apply and OK. Close GPMC. 1.12 SSO - Applying Group Policy To force the GPO to apply, log into the client machine, open an elevated command prompt and run the gpupdate /force command, as below. However, the GPO will apply dynamically after a pre-defined time. 04/18 12

1.13 Test the Two Factor Authentication Test the Two Factor Web authentication by opening a browser and going to the URL for the Web server i.e. https://your_server_name/rdweb (Don t forget the https) User logon screen is shown. Enter your UsedID and Password User is then presented with their two-factor authentication type: Preload, Realtime and Soft tokens: VOICE tokens: Soft Token Push: 04/18 13

User authenticates successfully and is presented with RDWeb 2016: User launches application from RDWeb page and selects Open from browser Note Configure your domain name within seiis.ini (C:\Windows): # Default Domain Name to use if no domain information is included in this UserID (leave blank if not required) DefaultDomain= yourdomain This will allow your users to logon to RD Web Access without specifying the domain name: domain\userid 04/18 14

Please Reach Out to Your Local SecurEnvoy Team... UK & IRELAND The Square, Basing View Basingstoke, Hampshire RG21 4EB, UK EUROPE Freibadstraße 30, 81543 München, Germany ASIA-PAC Level 40 100 Miller Street North Sydney NSW 2060 Sales E sales@securenvoy.com T 44 (0) 845 2600011 Technical Support E support@securenvoy.com T 44 (0) 845 2600012 General Information E info@securenvoy.com T +49 89 70074522 Sales E info@securenvoy.com T +612 9911 7778 USA - West Coast Mission Valley Business Center 8880 Rio San Diego Drive 8th Floor San Diego CA 92108 USA - Mid West 3333 Warrenville Rd Suite #200 Lisle, IL 60532 USA East Coast 373 Park Ave South New York, NY 10016 General Information E info@securenvoy.com T (866)777-6211 General Information E info@securenvoy.com T (866)777-6211 General Information E info@securenvoy.com T (866)777-6211 SecurEnvoy HQ, Octagon Point, 5 Cheapside, St Paul's, London, EC2V 6AA E: info@securenvoy.com T: 44 (0) 845 2600010 Company No. 04866711 VAT Number GB 862076128

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback