You can configure Unified Access Gateway so that users are required to use strong RADIUS two-factor authentication. You configure the RADIUS server information on the Unified Access Gateway appliance.
RADIUS support offers a wide range of third-party two-factor authentication options. To use RADIUS authentication on Unified Access Gateway, you must have a configured RADIUS server that is accessible on the network from Unified Access Gateway.
When users log in and RADIUS authentication is enabled, users enter their RADIUS authentication user name and passcode in the login dialog box. If the RADIUS server issues a RADIUS Access-Challenge, Unified Access Gateway displays a second dialog box to the user prompting for the challenge response text input, such as a code communicated to the user through a SMS text or other out-of-band mechanism. Support for a RADIUS passcode entry and challenge response entry is limited to text-based input only. Entry of the correct challenge response text completes the authentication.
If the RADIUS server requires the user to enter their Active Directory password as the RADIUS passcode, then for Horizon use the administrator can enable the Horizon Windows single sign-on feature on Unified Access Gateway so that when RADIUS authentication is complete, the user will not get a subsequent prompt to reenter the same Active Directory domain password.