Hi, Is it possibile on RAS 17.5 restrict access on Parallels Client and on HTML5 Gateway to specific users or groups in Active Directory. In a scenario where there are hundreds or thousands of users is possible that an attacker guess the username and password of user, register the 2FA (if the user never used the RAS services) and access the application exposed to all domain users. The possibile workarounds I can think of are: - protect all users with 2FA. Very impractical. - filter all application to specific user or group. Andrea Giacomin
Hi Alexey, thank you for the reply. The filter on theme level will do the job! The only downside I see on theme level filter is that an attacker guessing credentials get a positive feedback if user exist and the password are correct, instead of a generic login error. If MFA is enabled and a user is not alowed to login at theme level, it will ask for MFA registration and then access is prohibited. Just a feedback: it would be better to block MFA registration if the user is prohibited to login.