Hi,

We currently use UAG to provide access to some internal websites (such as SharePoint etc.) and for RDS access, today we use a OTP solution, where the users log in with a non AD user/pincode, then enter a OTP token.

For websites this is working great, UAG provides kerberos tickets for the internal web servers, so the users are authenticated by their actual Active Directory user, even though, they have never entered their Active Directory Username/Password.

Right now we are having a huge problem trying to find an alternative way / product from MS or 3rd party, that can do the same.

We don't want our users to log in with their Active Directory user/pass, as we require smartcards for interactive logins for our end users, so all their passwords are completely randomized without the end user knowing what they are / certificates are used for MDM/network access etc.

So we are not looking for any 2 factor solution that adds additional layers on top of their actual Active Directory Username/Password, we want to get rid of the end users having to know their Active Directory password.

This is all working great with UAG today, but if anyone know of a similar solution that isn't EOL please give me a hint, bonus points if it would work with RDS, something that today, even when using UAG requires entering AD credentials.

• Edited by MIJDK Thursday, April 09, 2015 12:37 PM