Skip to content

Multi-Factor Authentication (MFA)

Cloud Access Manager supports Multi-Factor Authentication (MFA) for PCoIP client sessions. The Cloud Access Manager MFA implementation is based on the RADIUS protocol. Customers can leverage their existing RADIUS server installation to enable MFA for Cloud Access Manager deployments. The following MFA scenario's have been tested with specific versions of the MFA software in question. Different versions may not yield the same results and may lead to different behavior.

Multi-Factor Authentication with Duo

Duo Authentication Version

The Cloud Access Connector was tested with Duo version 2.4.21.

In regards Duo authentication, the following information is configured in the authproxy.cfg file. When installing the Cloud Access Connector it will require the following information to configure the Duo Radius server:

  • Radius Client IP (Cloud Access Connector IP)
  • Radius Server Port
  • Radius Shared Secret
  • Duo authentication settings (ikey, skey and api host)

Multi-Factor Authentication PCoIP Client Support

Android PCoIP clients do not presently support RADIUS MFA.

For information on enabling Duo authentication with Cloud Access Manager, see Cloud Access Manager Duo MFA.

Multi-Factor Authentication with Azure

Microsoft Azure MFA Component Versions

Teradici tested the Cloud Access Connector with Microsoft Azure MFA on November 15th 2019 with the following components.

Teradici component versions:

  • PCoIP Software Client for Windows 19.11.
  • Cloud Access Connector with MFA flag enabled.
  • PCoIP Standard/Graphics Agent 19.11.

3rd party component versions:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32.
  • Microsoft Authenticator App 1911.7724 (Android/iOS).

Using different versions may result in different behavior and has not been tested by Teradici.

Azure MFA can successfully be used as a 2nd factor tool for authenticating into the Cloud Access Connector. The following components are required to enable this MFA set-up:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32 for Azure MFA sending requests from NPS to Azure MFA cloud service.
  • Microsoft Authenticator App 1911.7724 (Android/iOS) to receive Push or to generate a Passcode.

Generated Passcode is not usable with Cloud Access Connector and Azure MFA

Only Microsoft Authenticator App Push Notification is supported due to Azure MFA using Modern Authentication. Selecting Send Me a Push or Submit Passcode triggers a push notification on your Microsoft Authenticator App. You will successfully connect to your PCoIP Session once you approve the push on your Android/iOS device.

For further information on configuring the required 3rd party components to enable Azure MFA with Cloud Access Connector, see Cloud Access Manager Azure MFA.