2FA group or user depending

Discussion in 'Parallels Remote Application Server Feature Suggestions' started by PatrickD8, Jun 19, 2019.

  1. PatrickD8

    PatrickD8 Bit Poster

    Messages:
    23
    Hi Parallels team,
    we want to provide 2FA to some of our users. Enabling 2FA under "Connection >> Second level authentication" activates 2FA for all.
    I know you can use exclusion lists. However, I find this approach a bit unfavorable and cumbersome to manage.
    If you have a 2FA and a non-2FA environment, you would need 4 secure gateways for fail-safety.
    In my opinion, it would make more sense to whitelist at group or user level, just like with the published items.
    This reduces the complexity of the environment and an admin has more precise control over the authorized users.

    I would be very happy if you implement this option.

    Best regards
    Patrick
     
  2. Eugene. K.

    Eugene. K. Parallels Team

    Messages:
    70
    Hi Patrick,
    Thanks for the feedback! We have this request already and plan to implement it in future versions. Can't give you any precise estimates at the moment.
    I'll add you to the list of requestors of the feature.
     
  3. Eugene. K.

    Eugene. K. Parallels Team

    Messages:
    70
    The feature was just released in RAS version 17.1-Update1.
    To configure it Open MFA configuration in RAS Console, select the User or group exclude list option and click Configure.
     
  4. PatrickD8

    PatrickD8 Bit Poster

    Messages:
    23
    Hi Eugene,
    I have already taken note of this. Thanks for the implementation. I don't understand your strict blacklisting approach.
    Why not whitelisting? For most companies, 2FA is still something optional, which allows users to further increase their security.
    It would be easier for administrators to assign users to a 2FA group than to create multiple exclusions and possibly even cause problems.
    Or maybe I somehow misunderstand your approach?

    Best regards
    Patrick
     

Share This Page