Authpoint Radius Microsoft Remote Desktop Gateway NPS
Hi,
Does anyone have experience getting AuthPoint RADIUS authentication combined with Microsoft Remote Desktop Gateway working?
Regards,
Comments
Hi @Merijn
The RD Gateway has a special AuthPoint agent -- I'd suggest looking at the documentation here:
(About the AuthPoint Agent for RD Web)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/resources_rd-web.html
-James Carson
WatchGuard Customer Support
Hi James,
Thanks for your response. Unfortunately this covers only RD Web. We need to cover RD Gateway with MFA.
Hello Merijn,
You protect the host with MFA. See https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/logon-app_about.html
"...To protect the RD Gateway server itself, you install the Logon app on the server. To protect the hosts behind the RD Gateway, you install the Logon app on the hosts....."
Hi @MarkW
The gateway can reach out for as many RADIUS resources as you want, and can sync to the LDAP/ADFS hosts you have configured. SAML requests come directly from WatchGuard Cloud.
-James Carson
WatchGuard Customer Support
I think MARKW was me from last year. I'm not sure I understand @james.carson's response though. Can someone tell me how I configure a Microsoft RD Gateway and/or Authpoint in order to use Authpoint MFA when connecting to any other host via said RD Gateway? Can Authpoint only protect it at the host (i.e. do I have to install Authpoint on any potential host, which is not what I want to do)? I want to protect any external connection using the RD Gateway.
Many thanks.
@MEW
The RDWeb agent only protects accessing the RDWeb server. If the users can potentially access the systems any other way, we generally recommend putting the logon app on the machine/virtual machine itself to protect it.
Under most circumstances that I run into in the wild, RDWeb is just dishing out RDP connections which the users can initiate again if they've downloaded the file instead of just opening it. Because of that, I'd suggest using the logon app on the machines too.
-James Carson
WatchGuard Customer Support
Hi @james.carson
Thanks for the response. It's RD Gateway that I'm referring to though, not RDWeb.
I think, from what I can glean, that Authpoint cannot provide MFA to clients connecting to a variety of hosts through the gateway unless Authpoint is installed on any of these hosts that they may access - i.e. you cannot perform the MFA authentication at the gateway, before even getting to the host(s)?