AD for Internal SAML for External

Discussion in 'Parallels Remote Application Server' started by SimonM16, Jul 3, 2024.

  1. SimonM16

    SimonM16 Bit poster

    Messages:
    4
    Hi,
    I want to have two themes. I have configured one with SAML auth and this is working great. I want to present a different theme to internal users without the SAML auth. I can do this, but the 2nd theme is also available externally, which I don't want.
    I've tried different combinations of filtering, deploying additional secure gateways, etc., but can't seem to find a way.

    In Citrix I could do this with a NetScaler for the external access and SAML; internal users would access via the internal StoreFront servers. I just can't seem to do the same with RAS.

    Any ideas will be appreciated.
     
  2. jpc

    jpc Pro

    Messages:
    449
    AFAIK, access to themes can currently be limited only to specific user groups and/or users. However, if all you need is to disable SAML for users accessing a specific gateway, that can be configured from MFA > Restrictions > (plus button). If your use case is more complex, it would be helpful to illustrate which settings from the theme you want to apply to internal users.
     
  3. SimonM16

    SimonM16 Bit poster

    Messages:
    4
    I have two themes:

    https://FQDN/userportal and https://FQDN/internal

    I've excluded the two secure gateways I have for internal from load balancing. The issue is that if I go to https://host.domain.com/internal I get to the theme I want for internal that only has the AD auth configured. Using https://host.domain.com/ I'll hit the default theme and get my SAML authentication.

    Thanks
     
  4. jpc

    jpc Pro

    Messages:
    449
    @SimonM16 Oh, I see. My mind was so dead set on MFA even while I was typing SAML. I do not think that themes support that, because RAS themes operate at the site level, not at the gateway level. You can probably get away with some URL rewriting tricks, but the theme would still be accessible with native clients.

    I suggest that you post a feature suggestion or contact support to file a feature request so that access to sites can be restricted based on the gateway used (apart from the AD user / group used).
     
  5. RolandS16

    RolandS16 Bit poster

    Messages:
    2
    Hi, I will need the same feature. Is there already a request for it?
     
  6. EmelyD

    EmelyD Bit poster

    Messages:
    3
    I also need
     
