Forum Discussion
In the first scenario, you install the two-factor software on the RDS server. It will send a call to the device or database used for two-factor authentication. In this case, similar to phone factor or using the azure cloud.
In the second case, you will setup APM login: Username, Password (AD usually) and Two-factor authentication token. You're basically authenticating at the APM level rather than on the RDS server.
I like the RSA token guide: http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/6.html
http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm_authentication_config_11_0_0/_jcr_content/pdfAttach/download/file.res/apm_authentication_config_11_0_0.pdf
- evegter_163099Jul 10, 2014Nimbostratusthanks! I'll read the docs and see where that takes me. The phonefactor solution (now MS) that uses the Azure MFA server as Radius proxy in combination with the RDS Gateway is basically what we'd like but not accepted because of availability/coverage reasons for SMS like token exchange by the customer so we need to get the solution to work with hardware tokens.