Skip to content

Multi-Factor Authentication (MFA)

CAS Connector supports Multi-Factor Authentication (MFA) for PCoIP client sessions. The CAS Connector MFA implementation is based on the RADIUS protocol. Customers can leverage their existing RADIUS server installation to enable MFA for CAS Connector deployments. The following MFA scenario's have been tested with specific versions of the MFA software in question. Different versions may not yield the same results and may lead to different behavior.

Multi-Factor Authentication with Duo

Duo Authentication Version

The Connector was tested with Duo version 2.4.21.

In regards Duo authentication, the following information is configured in the authproxy.cfg file. When installing the Connector it will require the following information to configure the Duo Radius server:

  • Radius Client IP (Connector IP)
  • Radius Server Port
  • Radius Shared Secret
  • Duo authentication settings (ikey, skey and api host)

Multi-Factor Authentication PCoIP Client Support

Android PCoIP clients do not presently support RADIUS MFA.

For information on enabling Duo authentication with CAS Connector, see CAS Connector Multi-Factor Authentication.

Multi-Factor Authentication with Azure

Microsoft Azure MFA Component Versions

Teradici tested the Connector with Microsoft Azure MFA on November 15th 2019 with the following components.

Teradici component versions:

  • PCoIP Software Client for Windows 19.11.
  • Connector with MFA flag enabled.
  • PCoIP Standard/Graphics Agent 19.11.

3rd party component versions:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32.
  • Microsoft Authenticator App 1911.7724 (Android/iOS).

Using different versions may result in different behavior and has not been tested by Teradici.

Azure MFA can successfully be used as a 2nd factor tool for authenticating into the Connector. The following components are required to enable this MFA set-up:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32 for Azure MFA sending requests from NPS to Azure MFA cloud service.
  • Microsoft Authenticator App 1911.7724 (Android/iOS) to receive Push or to generate a Passcode.

Generated Passcode is not usable with Connector and Azure MFA

Only Microsoft Authenticator App Push Notification is supported due to Azure MFA using Modern Authentication. Selecting Send Me a Push or Submit Passcode triggers a push notification on your Microsoft Authenticator App. You will successfully connect to your PCoIP Session once you approve the push on your Android/iOS device.

For further information on configuring the required 3rd party components to enable Azure MFA with Connector, see CAS Connector Multi-Factor Authentication.