Direct Access 2-Factor Authentication Issues

We currently have UAG direct access set up, and it's working great.  

Now we are trying to integrate an out-of-band 2-factor authentication solution (phonefactor). All I need for it to work is a RADIUS call to the phonefactor server, and it will send a phone call or OTP to the user's phone to complete the login.

I have it working perfectly with a UAG trunk / portal, but can't get it to work with Direct Access. I went through the 2-factor OTP setup in the DA console, but it's asking for the OTP before contacting the RADIUS server. I need it to contact the RADIUS server first in order to generate the OTP and send it to the user.

Is there any way to make that happen?

September 14th, 2012 6:03pm

Direct Access via UAG only works with 2-factor authentication systems that already know the passcode before you log in.

You cannot send two separate authentication requests (RADIUS Access-Challenge) to Direct Access.

Have you looked at SecurEnvoy (http://www.securenvoy.com)? They pre-load the required passcode via SMS to get round this issue.

I also noticed they have an integration guide for UAG:

http://www.securenvoy.com/integrationguides/microsoft%20uag%20integration.pdf

Hope this helps,

Andy

 
September 20th, 2012 4:39pm

Hi

There is a much better and simpler way to add authentication with Direct Access, and that is to use the TPM chip (you already have it). Not only do you get additional security, but it requires no user intervention.

Let me know if you want further information on this.

Thx

July 16th, 2013 11:50am

Hi

Can you please send me the information on using TPM with UAG?

Sorry to resurrect such an old thread.

January 9th, 2014 4:56pm

This topic is archived. No further replies will be accepted.
