Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

MFA for RDS Web Access using SAML Authentication

 

Information

 

Summary: 

Implementing Azure MFA for an RDS Web Access virtual service environment using SAML and KCD

Environment:

Product: LoadMaster

Version: Any

Platform: VMware

Application: RDS Web Access

Question/Problem Description:

Is it possible to use MFA for an RDS virtual service?

Is it also possible to use SAML authentication for MFA?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: Question about capability for MFA/SAML in relation to RDS Virtual Service.
Resolution: 
  • When using SAML authentication as the client-side authentication method, the only available server-side authentication method would be Kerberos Constrained Delegation.
  • You can first configure SAML authentication and create the client-side SAML SSO domain, then configure KCD on the real server, and from there create the server-side KCD SSO domain on the LoadMaster.
  • Once the SSO domains have been configured on the LoadMaster, the RDS Web Access service will need to be configured for ESP and the appropriate SSO configs must be assigned.
Workaround:  
Notes:

This document covers configuring SAML authentication:https://support.kemptechnologies.com/hc/en-us/articles/4426804048013-SAML

This document covers how to configure MFA and assign it to the virtual service:

https://support.kemptechnologies.com/hc/en-us/articles/4423918482061-Azure-Multi-Factor-Authentication 

The configuration steps for KCD can be found here: https://support.kemptechnologies.com/hc/en-us/articles/4426792458381 

Once the SSO domains have been configured on the LoadMaster, the RDS Web Access service will need to be configured for ESP:

https://support.kemptechnologies.com/hc/en-us/articles/209466686-How-to-configure-ESP-for-Remote-Desktop-Web-Access


Comments