Azure Multi-Factor Authentication

KEMP Loadmaster Product Family in the Microsoft Azure Cloud

 

Securing access to your internal applications and assets using Multi-Factor Authentication

Note that to use this feature you must enable delegation in your Azure-based Active Directory.

 

KEMP Loadmasters provide a facility to integrate seamlessly and transparently with the Microsoft Azure Cloud. Customers can thereby extend their network beyond their premises to allow external access without “punching holes” in their firewall.

To add an extra level of security for access to the services held by the Loadmaster, one can use the Multi-Factor Authentication built into the Azure cloud in addition to the authentication facility built into the Loadmaster.

Combining these measures provides the highest level of access protection for your assets, especially when it comes to serving a mobile workforce. This mitigates a scenario in which an attacker has obtained valid credentials but has no access to the on-premises network.

 

Options to choose from include:

  • Phone Call
  • Text message
  • Mobile App Notification – Choose whatever method serves your need
  • Challenge Response through verification codes sent to a mobile app
  • 3rd Party OATH codes

These factors secure access to the Azure-based Loadmaster. Once a user has successfully authenticated, they can be presented with the ESP authentication providers. ESP stands for Edge Security Pack and provides Single Sign-On for application access. At this stage it is also possible to enable Multi-Factor Authentication before access to the protected application is granted.

 

Features of ESP include:

  • End Point Authentication for Pre-Auth
  • Single Sign-On across Virtual Services
  • LDAP Authentication
  • Basic Authentication
  • NTLM Authentication
  • Form-Based Authentication
  • MIT Kerberos Authentication to the Back-End

 

A typical mobile log-in consists of these steps:

  • User enters credentials
  • User receives a phone call and is prompted to enter a code
  • User receives a text message with another code to enter in the auth form
  • User is presented with ESP based auth methods
  • User enters LDAP credentials
  • User enters RSA-PIN
  • Access is granted to the protected application

 
