Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

MFA for RDS Web Access using SAML Authentication

Updated: September 25, 2023 08:32

Information

Summary:	Implementing Azure MFA for an RDS Web Access virtual service environment using SAML and KCD
Environment:	Product: LoadMaster Version: Any Platform: VMware Application: RDS Web Access
Question/Problem Description:	Is it possible to use MFA for an RDS virtual service? Is it also possible to use SAML authentication for MFA?
Steps to Reproduce:
Error Message:
Defect Number:
Enhancement Number:
Cause:	Question about capability for MFA/SAML in relation to RDS Virtual Service.
Resolution:	When using SAML authentication as the client-side authentication method, the only available server-side authentication method would be Kerberos Constrained Delegation. You can first configure SAML authentication and create the client-side SAML SSO domain, then configure KCD on the real server, and from there create the server-side KCD SSO domain on the LoadMaster. Once the SSO domains have been configured on the LoadMaster, the RDS Web Access service will need to be configured for ESP and the appropriate SSO configs must be assigned.
Workaround:
Notes:	This document covers configuring SAML authentication:https://support.kemptechnologies.com/hc/en-us/articles/4426804048013-SAML This document covers how to configure MFA and assign it to the virtual service: https://support.kemptechnologies.com/hc/en-us/articles/4423918482061-Azure-Multi-Factor-Authentication The configuration steps for KCD can be found here: https://support.kemptechnologies.com/hc/en-us/articles/4426792458381 Once the SSO domains have been configured on the LoadMaster, the RDS Web Access service will need to be configured for ESP: https://support.kemptechnologies.com/hc/en-us/articles/209466686-How-to-configure-ESP-for-Remote-Desktop-Web-Access

Was this article helpful?

0 out of 1 found this helpful

Comments

In this document