If you want an automated deployment of this solution, you can use the FreeRADIUS MFA with Amazon WorkSpaces reference architecture for an end-to-end deployment in your AWS account. This uses CloudFormation to deploy this solution in a new or existing Directory Service.

In this blog post, we show how to configure FreeRADIUS and LinOTP for multi-factor authentication to Amazon WorkSpaces. Amazon WorkSpaces is a managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in a few minutes. With Amazon WorkSpaces, you can quickly scale to provide thousands of desktops to workers across the globe.

MFA adds an extra layer of protection to a user name and password (the first “factor”). With MFA, you must enter an authentication code (the second factor), which is provided by your MFA solution.

For MFA on Amazon WorkSpaces, you need a remote authentication dial-in user service (RADIUS) server that can authenticate the one-time password. You can implement this configuration using the free open source RADIUS server, FreeRADIUS. FreeRADIUS is a modular, high-performance free RADIUS suite. It is developed and distributed under the GNU General Public License, version 2, and is free for download and use. FreeRADIUS is the most popular open source RADIUS server and the most widely deployed RADIUS server in the world. FreeRADIUS is used by educational institutions, internet service providers and for enterprise networks.

This is how the authentication flow works when using MFA with Amazon WorkSpaces:

Steps 1 & 2: The Amazon WorkSpaces user gets the one time password (OTP) from an authentication app, such as Google Authenticator.
Step 3: The WorkSpaces client sends both the first factor domain user name and password and the second factor OTP to the AWS Directory Service.
Steps 4 & 5: Active Directory validates the primary authentication part (domain credentials) with the on-premises domain controllers for AD Connector or AWS Managed Domain Controllers if using AWS Managed AD.
Step 6: The Active Directory sends the secondary credentials OTP to the RADIUS server.
Step 7: The RADIUS server checks the OTP and responds with ‘success’ if it was correct.
Step 8: The AD Connector completes authentication and the customer can access the service.

When MFA is enabled, the Amazon WorkSpaces client prompts for the MFA code. It is recommended to deploy this configuration in a test environment before deploying to production.