Two Factor authentication emails / sms

Discussion in 'Parallels Remote Application Server' started by MalteS, Feb 20, 2018.

  1. MalteS

    MalteS Bit poster

    Messages:
    4
    Hi,
    Are there any solutions/possibilities for two factor authentication in combination with e-mail or sms?

    kind regards
     
  2. Danil@Parallels

    Danil@Parallels Staff Member

    Messages:
    80
    Hi MalteS, welcome to the forums! By default the two-factor authentication is ON for your Parallels Account: http://kb.parallels.com/124346
    Are you asking if there is an option to additionally add an extra layer of authentication in addition to the current two-factor authentication via email?
     
  3. MalteS

    MalteS Bit poster

    Messages:
    4
    Correct. If a user wants to login, he is getting an email (the mail-adress entered in the AD-Account) with a one time password.
     
  4. Danil@Parallels

    Danil@Parallels Staff Member

    Messages:
    80
    Hi MalteS, I suspect you are an admin of a business account, right? If so, why would you need any employees other than other BA admins of the company to access the business account? To allow company employees to use the software you may go to Dashboard and use "Invite Users" under the respective product. This will trigger an email to the specified email address with the product download, installation and activation instructions. I apologize if i misunderstood or missed something.
     
  5. MalteS

    MalteS Bit poster

    Messages:
    4
    I mean if a user already has the Parallels Client and use their AD-credentials to login they get an email (the mail-adress entered in the AD-Account) with a one time password. Is this possible to implement?
     
  6. jpc

    jpc Pro

    Messages:
    433
    @MalteS Are you referring to 2FA for your "Parallels Account" which you can access via https://account.parallels.com/ or are you talking on enabling 2FA for users of "Remote Application Server"?
     
  7. MalteS

    MalteS Bit poster

    Messages:
    4
    Im talking about enabling 2fa for users of RAS
     
  8. jpc

    jpc Pro

    Messages:
    433
    @MalteS Yes, it is possible to setup 2FA with either email or sms in RAS. There is built-in support for Deepnet, Safenet and RADIUS.
    The settings are accessible via the RAS Console from: "Connection > Second Level Authentication"
    The administration manual explains how to set them up (https://www.parallels.com/products/ras/resources/).

    In-client account creation/otp setup is supported for Deepnet and Safenet providers. The users should have their email and sms fields populated automatically upon their first connection attempt i.e. they just need to "confirm" that the information is correct and create the account.

    Did you have any issues with setting that up, or were you looking for something more automated (such as bulk import of user credentials)?
     
  9. RichardM13

    RichardM13 Bit poster

    Messages:
    2
    Hi,
    Sorry to hijack this thread, but i was looking for the same thing - 2FA for clients using the RSA. The manual is very useful, but I was more curious on seeing your suggestion of automated bulk import of user credentials? Is this something you could direct me to?
    Thanks!
     
  10. jpc

    jpc Pro

    Messages:
    433
    @RichardM13
    RAS does have support for automatic-user creation, specifically for Deepnet and Safenet providers (the standard RADIUS protocol does not provide such facilities).
    However, as far as I know, such functionality is only provided in the form of user-self-service as described above.

    In most cases, RAS normally just interfaces with the specific authentication providers (e.g AD, Deepnet, etc). The users will have to added to those providers via their own interfaces. Depending on your 2FA provider, they may already offer bulk import of user credentials.

    Since you did not specify which 2FA provider you are using, I can only direct you to file a feature suggestion for the specific functionality you would like to be added in RAS (such as bulk import/updating of users or extended support for some 2FA provider) over here:
    https://forum.parallels.com/forums/parallels-remote-application-server-feature-suggestions.767/
     
  11. RichardM13

    RichardM13 Bit poster

    Messages:
    2
    Hi JPC,
    Thank you for this - we are currently in a position where we are still choosing our 2FA provider. We currently have an internal FreeRADIUS server, but looking at options for a new provider to utilise options such as One Off SMS passwords, etc.
    I will go through the guide and trial DeepNet and SafeNet to see what best suits our needs.
    Thanks once again for your response!
     

Share This Page