You can use RADIUS to enable 2 Factor Authentication for end users.

About this task

Note:

Make sure that primary and secondary tenant appliance IP addresses are registered as clients in the RADIUS server. Obtain the tenant appliance IP addresses from your VMware representative.

Procedure

  1. Select Settings > 2 Factor Auth.
  2. Configure the authentication.

    | Option | Description |
    |---|---|
    | 2nd factor Auth Method | Select Radius. |
    | Maintain Username | Select Yes to maintain the username during authentication. The user who is attempting to authenticate must have the same username credentials for RSA and Domain Challenge. If you select No, the username field is not locked and the user can enter a different name. |
    | External Connections Only | Select NO to configure 2 Factor Authentication for internal users from within the system. Use Access Point to configure external users. |
    | Provider Name | (Required) Name that distinguishes the type of RADIUS authentication being used. |
    | Host Name / IP Address | (Required) DNS name or IP address of the authentication server. |
    | Shared Secret | (Required) Secret for communicating with the server. The value must be identical to the server configured value. |
    | Authentication Port | UDP port configured to send or receive authentication traffic. Default is 1812. |
    | Accounting Port | UDP port configured to send or receive accounting traffic. Default is 1813. |
    | Mechanism | Select the RADIUS authentication protocol: PAP, CHAP, MS-CHAPv1, or MS-CHAPv2. |
    | Server Timeout | Number of seconds to wait for a response from the RADIUS server. Default is five seconds. |
    | Max number of retries | Maximum number of times to retry failed requests. Default is three tries. |
    | Realm Prefix | Name and delimiter of realm to be prepended to the username during authentication. |
    | Realm Suffix | Name and delimiter of realm to be appended to the username during authentication. |
    | Auxiliary Server | Default is NO. If set to YES, specify a secondary RADIUS server to be used when the primary server is not responding. |

  3. Click Save.
  4. Enter your username and passcode in the Test Authentication dialog box, then click Test.

    If authentication is successful, users attempting to authenticate with the tenant portals will see a dialog box asking them to log in with their RADIUS credentials, followed by their domain credentials.

  5. If the Test Authentication credentials fail, the settings are not saved. Correct the username or passcode and try again.
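
Added example (not VMware code): how the Shared Secret, the PAP mechanism and the Realm Suffix from the table in step 2 appear in a RADIUS Access-Request, following RFC 2865. It shows that a secret differing from the server-configured value yields an unreadable passcode or a reply that fails verification, not an explicit error. The username, realm, passcode and both secrets are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 sec. 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the RADIUS server does using its own copy of the shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, passcode, secret, ident, req_auth, prefix="", suffix=""):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    name = (prefix + user + suffix).encode()  # realm prefix/suffix wrap the username
    attrs = attr(1, name) + attr(2, hide_password(passcode.encode(), secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def make_reply(code: int, ident: int, req_auth: bytes, secret: bytes) -> bytes:
    """Server side: sign a reply with no attributes (2 = Accept, 3 = Reject)."""
    head = struct.pack("!BBH", code, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def response_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    ra = os.urandom(16)  # Request Authenticator: fresh random value per request
    pkt = build_access_request("jdoe", "123456", b"appliance-secret", 7, ra, suffix="@example.test")
    hidden = pkt[-16:]   # User-Password is the last attribute; its value is 16 bytes here
    print(unhide_password(hidden, b"appliance-secret", ra))  # matching secret
    print(unhide_password(hidden, b"server-secret", ra))     # mismatched secret: garbage
```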