You can use RADIUS to enable 2 Factor Authentication for end users.
Note: Make sure that primary and secondary tenant appliance IP addresses are registered as clients in the RADIUS server. Obtain the tenant appliance IP addresses from your VMware representative.
Procedure
- Select Settings > 2 Factor Auth.
- Configure the authentication.
| Option | Description |
| --- | --- |
| 2nd factor Auth Method | Select Radius. |
| Maintain Username | Select Yes to maintain the username during authentication. The user who is attempting to authenticate must have the same username credentials for RSA and Domain Challenge. If you select No, the username field is not locked and the user can enter a different name. |
| External Connections Only | Select NO to configure 2 Factor Authentication for internal users from within the system. Use Access Point to configure external users. |
| Provider Name | (Required) Name that distinguishes the type of RADIUS authentication being used. |
| Host Name / IP Address | (Required) DNS name or IP address of the authentication server. |
| Shared Secret | (Required) Secret for communicating with the server. The value must be identical to the server configured value. |
| Authentication Port | UDP port configured to send or receive authentication traffic. Default is 1812. |
| Accounting Port | UDP port configured to send or receive accounting traffic. Default is 1813. |
| Mechanism | Select the RADIUS authentication protocol: PAP or CHAP. |
| Server Timeout | Number of seconds to wait for a response from the RADIUS server. Default is five seconds. |
| Max number of retries | Maximum number of times to retry failed requests. Default is three tries. |
| Realm Prefix | Name and delimiter of realm to be prepended to the username during authentication. |
| Realm Suffix | Name and delimiter of realm to be appended to the username during authentication. |
| Auxiliary Server | Default is NO. If set to YES, specify a secondary RADIUS server to be used when the primary server is not responding. |

- Click Save.
- Enter your username and passcode in the Test Authentication dialog box, then click Test.
If authentication is successful, users attempting to authenticate with the tenant portals will see a dialog box asking them to log in with their RADIUS credentials, followed by their domain credentials.
- If the Test Authentication credentials fail, the settings are not saved. Correct the username or passcode and try again.
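The Shared Secret, Mechanism and Realm settings determine what goes on the wire. The following added example (not VMware code) builds a PAP Access-Request as defined in RFC 2865 and shows that a server holding a different shared secret recovers garbage instead of the passcode, which is why the test fails when the two values differ. Function names, the username, passcode, realm and secrets are constructed for illustration.

```python
import hashlib
import os
import struct

def hide_password(passcode: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide User-Password with MD5(shared secret + previous block)."""
    if not 1 <= len(passcode) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = passcode + b"\x00" * (-len(passcode) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding using the server's own copy of the secret."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")

def apply_realm(username: str, prefix: str = "", suffix: str = "") -> str:
    """Realm Prefix is prepended and Realm Suffix appended, delimiter included."""
    return f"{prefix}{username}{suffix}"

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident: int, authenticator: bytes, username: str,
                   passcode: bytes, secret: bytes) -> bytes:
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = attribute(1, username.encode()) + attribute(
        2, hide_password(passcode, secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":
    # Constructed sample values, not from the product or any real deployment.
    ra = os.urandom(16)  # Request Authenticator, random per request
    user = apply_realm("jdoe", suffix="@example.test")
    pkt = access_request(1, ra, user, b"123456", b"appliance-secret")
    hidden = pkt[-16:]   # value of the trailing User-Password attribute
    print(reveal_password(hidden, b"appliance-secret", ra))  # matching secret
    print(reveal_password(hidden, b"server-secret", ra))     # mismatched secret
```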