MFA for Secure Gateway

massameno_dan · August 16, 2019, 1:35pm

=== Feature Enhancement Request ===

We’re trying out the Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature on the Document Store on Royal Server. It works great! But that’s not quite what we needed.

Can we do MFA on the Royal Server Secure Gateway? For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.

There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat. We’d probably set ours to 30 hours or something to let users get a full day’s work in.

We use Duo Security here but the Microsoft Authenticator is a valid second option for us.

Thank you.

ian · August 20, 2019, 4:29pm

We would definitely like to see this as well. Duo or google auth would work for us.

stefan_koell · August 22, 2019, 7:28am

Thanks, Dan. We will look into it and update this thread once we have something to share.

timo · September 20, 2019, 2:43pm

This would be an awesome feature.

massameno_dan · September 20, 2019, 2:55pm

Just as a point of clarification… we don’t make our network engineers work 30 hours per day.

I was just choosing an arbitrary number that was 24 < x < infinity.

daniel_cattigan · November 12, 2019, 10:55am

2FA is a hard requirement from our security team. What progress or updates can you provide for this feature?

Thanks

Dan

jouni_varjonen_4m · November 14, 2019, 12:02pm

This is already available, any idea hot to use this feature?

wolfgang_back · November 20, 2019, 2:44pm

Would also need this feature!

joshua_kroger · February 18, 2020, 4:42pm

I am evaluating RoyalServer for use in our environment and MFA on the Secure Gateway is an absolute must for us as well. Has this feature been officially added to the product roadmap?

scott_davis · April 15, 2020, 7:41pm

My team is already using RoyalTS, and we need a connection broker like RoyalServer.

MFA is mandatory for us, so we are waiting for this feature.

wolfgang_back_eh · December 1, 2020, 2:58pm

Any news on this?

joshua_kroger · December 1, 2020, 4:36pm

I’m subscribed to this threat and completely agree with Wolfgang. This is an absolute must that we’ve been waiting a long time for. I would like an update as well.

alper_uzmezler · December 18, 2020, 4:43am

This would be welcome on our side as well.

stefan_koell · December 18, 2020, 9:35am

I’m not sure if and when we can implement this. The 3rd party component we are using doesn’t have an API we could hook into. We contacted the Vendor and asked for this but we haven’t got a response yet.

Rest assured, as soon as this is possible, we will implement it.

Sorry for the bad news.

ben_houghton · March 18, 2021, 4:47am

Any update on MFA for Royal Gateway?

stefan_koell · March 18, 2021, 7:28am

Unfortunately we still have no ETA for the 3rd party vendor component. Not sure if we are able to implement it in the V4 release. Might be V4.1 or so.

dsaliva · March 18, 2021, 1:17pm

I saw this the other day when i logged into the Royal Server.

michael_cote · April 9, 2021, 7:43pm

We’re looking for a similar solution to provide MFA to the secure gateway before being able to access remote sessions. This is a huge auditing item and would certainly be a selling point for us. I’m going to subscribe as well. Is there a formal place to put in feature requests, or is this the correct forum?

ben_houghton · April 11, 2021, 10:53pm

SAML or Radius would do. If we had Radius we could just use Windows NPS and AzureAD extension to do MFA. Either fits our requirements.

michael_cote · April 12, 2021, 3:16am

RADIUS would be even better imo because you could proxy RADIUS requests to an MFA provider to still give you the MFA ability.