SAML MFA authentication for VMware Horizon using Thales Safenet Trusted Access

This post was originally published on this site

Background

I have been working on a project to integrate many platforms with Thales Safenet Trusted Access to enable multi-factor authentication to improve access security to those platforms. One of those platforms is VMware Horizon.

Since the release of Horizon version 7.11, SAML based authentication has been a supported protocol for enabling MFA. Prior to this, it was only possible to use RADIUS based authentication to enable MFA, which has some limitations. namely that as far as I know it does not support conditional access and does not support push notifications for One Time Passcode soft tokens.

Safenet Trusted Access support a lot of applications out of the box, but Horizon is not one of them. This guide will show you how to make it work.

 

How to

Before we begin, I am going to make a few assumptions. For this, to work, you need to be running a Horizon Unified Access Gateway appliance as well as a minimum of Horizon 7.11. I will also assume you have an active Thales Safenet Trusted Access subscription.

Step 1 – Configure a new application in STA

Login into STA and choose the option to add a new application.

<img data-attachment-id="1860" data-permalink="https://www.snurf.co.uk/vmware/saml-mfa-authentication-for-vmware-horizon-using-thales-safenet-trusted-access/attachment/uagmfa-033/"

Want to learn more? Read the source post!