Yeah, We've hit the MFA roadblock in our evaluation as well. I can't propose Royal TS as a solution without it, we've just deployed DUO on our jump environment as an audit requirement and it's non negotiable :(
I am thinking of trying to leverage a linux openssh securegateway with powershell core installed and use PSSession to scan Dynamic folder via SSH. In theory I should be able to use the duo linux client to protect sshd and have it fire that way. I'll report back if this approach is viable
We don't have yet an ETA as Rebex is still working on it. When we get a new version with MFA support we will provide a new version as soon as possible.
Any update on MFA for Royal Gateway?
It is now a security requirement for us to MFA all external URLs (even if pinned to VPN), so we need this feature ASAP. What is the ETA?
We'd love to see this feature too!
Would really love to see Duo or Google Auth on the gateway, or really any standard internet-based 2FA authenticator.
I'm going to be demoing RoyalTS / Royal Server to our security team, and I'm likely to get shot down over this missing feature. I'll be waiting to see how this develops.
SAML or Radius would do. If we had Radius we could just use Windows NPS and AzureAD extension to do MFA. Either fits our requirements.
We're looking for a similar solution to provide MFA to the secure gateway before being able to access remote sessions. This is a huge auditing item and would certainly be a selling point for us. I'm going to subscribe as well. Is there a formal place to put in feature requests, or is this the correct forum?
I saw this the other day when i logged into the Royal Server.
Unfortunately we still have no ETA for the 3rd party vendor component. Not sure if we are able to implement it in the V4 release. Might be V4.1 or so.
Any update on MFA for Royal Gateway?
I'm not sure if and when we can implement this. The 3rd party component we are using doesn't have an API we could hook into. We contacted the Vendor and asked for this but we haven't got a response yet.
Rest assured, as soon as this is possible, we will implement it.
Sorry for the bad news.
This would be welcome on our side as well.
I'm subscribed to this threat and completely agree with Wolfgang. This is an absolute must that we've been waiting a long time for. I would like an update as well.
Massameno, Dan
=== Feature Enhancement Request ===
We're trying out the Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature on the Document Store on Royal Server. It works great! But that's not quite what we needed.
Can we do MFA on the Royal Server Secure Gateway? For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.
There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat. We'd probably set ours to 30 hours or something to let users get a full day's work in.
We use Duo Security here but the Microsoft Authenticator is a valid second option for us.
Thank you.
11 people like this idea