Enabling 2FA on a VM with VMware Direct Connection Plugin

Hama900 · ‎07-06-2023

Hey there,

I’m running a VM with the VMware Direct Connection Plugin, which essentially is a VDI VM with GPU passthrough and accessible through the Horizon Client but without all the other infrastructure around it such as connection servers etc, it’s really just a stand-alone VM (AD joined) with the VMware Agent and the Direct Connect Plugin.

I would like to secure this with MFA, and the only guide I could find was for the Authentication Proxy software where it interfaces with the “connection server” even though I don’t have a connection server. I also don’t have a RADIUS server installed, unsure if that is necessary, only have an AD.

How can I still enable MFA on my VM?

These are the only docs I can find > Two-Factor Authentication for VMware Horizon View (VDI) | Duo Security

DuoKristina · ‎07-06-2023

You could try installing Duo Authentication for Windows Logon on the target virtual host if it is running Windows.

Duo, not DUO.

Hama900 · ‎07-07-2023

That’s how I’ve got it set up now but it’s not ideal, I want the authentication to happen before I log into the Horizon portal and not afterwards in Windows. Is there not a way to achieve that?

DuoKristina · ‎07-07-2023

Without a connection server I can’t think of a way you could add Duo RADIUS authentication in Horizon.

Do you use UAG or Workspace One? It’s possible to add Duo auth to those via RADIUS using our generic RADIUS application or SAML with our generic SAML 2.0 SSO application.

Configuring Horizon for Unified Access Gateway and Third-Party Identity Provider Integration (this also seems to require a connection server though).

https://resources.workspaceone.com/view/j87fqmyx6bjzwbvjvvtq/en

You might want to contact VMWare support, who likely understand your current config well, and ask what option you have in your current config for adding third-party RADIUS or SAML authentication.

Duo, not DUO.