Skip to content

Multi-Factor Authentication (MFA)

Anyware Manager as a Service supports Multi-Factor Authentication (MFA) for PCoIP client sessions. The Anyware Manager as a Service MFA implementation is based on the RADIUS protocol. Customers can leverage their existing RADIUS server installation to enable MFA for Anyware Manager as a Service deployments. The following MFA scenario's have been tested with specific versions of the MFA software in question. Different versions may not yield the same results and may lead to different behavior.

Multi-Factor Authentication with Duo

Duo Authentication Version

The Connector was tested with Duo version 2.4.21.

In regards Duo authentication, the following information is configured in the authproxy.cfg file. When installing the Connector it will require the following information to configure the Duo Radius server:

  • Radius Client IP (Connector IP)
  • Radius Server Port
  • Radius Shared Secret
  • Duo authentication settings (ikey, skey and api host)

Multi-Factor Authentication PCoIP Client Support

Android PCoIP clients do not presently support RADIUS MFA.

For information on enabling Duo authentication with Anyware Manager as a Service, see Anyware Manager as a Service Duo MFA.

Multi-Factor Authentication with Azure

Microsoft Azure MFA Component Versions

We tested the Connector with Microsoft Azure MFA on November 15th 2019 with the following components.

HP component versions:

  • PCoIP Software Client for Windows 19.11.
  • Connector with MFA flag enabled.
  • PCoIP Standard/Graphics Agent 19.11.

3rd party component versions:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32.
  • Microsoft Authenticator App 1911.7724 (Android/iOS).

Using different versions may result in different behavior and has not been tested by us.

Azure MFA can successfully be used as a 2nd factor tool for authenticating into the Connector. The following components are required to enable this MFA set-up:

  • Azure Active Directory Premium or Microsoft 365 Business offering to use Azure MFA.
  • Network Policy Server (NPS) acting as the RADIUS server.
  • NPS extension 1.0.1.32 for Azure MFA sending requests from NPS to Azure MFA cloud service.
  • Microsoft Authenticator App 1911.7724 (Android/iOS) to receive Push or to generate a Passcode.

Generated Passcode is not usable with Connector and Azure MFA

Only Microsoft Authenticator App Push Notification is supported due to Azure MFA using Modern Authentication. Selecting Send Me a Push or Submit Passcode triggers a push notification on your Microsoft Authenticator App. You will successfully connect to your PCoIP Session once you approve the push on your Android/iOS device.

For further information on configuring the required 3rd party components to enable Azure MFA with Connector, see Anyware Manager as a Service Azure MFA.