Start a new topic
In Progress

MFA for Secure Gateway

=== Feature Enhancement Request ===

We're trying out the Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature on the Document Store on Royal Server.  It works great!  But that's not quite what we needed.


Can we do MFA on the Royal Server Secure Gateway?  For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.


There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat.  We'd probably set ours to 30 hours or something to let users get a full day's work in.  


We use Duo Security here but the Microsoft Authenticator is a valid second option for us.


Thank you.


11 people like this idea

RADIUS would be even better imo because you could proxy RADIUS requests to an MFA provider to still give you the MFA ability.

Will you have a true Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature for your Royal Server Gateway?  One that works for Windows and Linux connections?  If so, when?  We are being pressured by our security team to MFA solution for RDP and SSH connection or to abandon Royal Server completely for another solution that has MFA.  We need firm dates and not "next major version release". My company has over 100K+ users with multiple Royal Server Gateways for multiple domains. We need MFA, because its an industry standard.

Would really love to see Duo or Google Auth on the gateway, or really any standard internet-based 2FA authenticator.

We'd love to see this feature too!

Any update on MFA for Royal Gateway?


It is now a security requirement for us to MFA all external URLs (even if pinned to VPN), so we need this feature ASAP.  What is the ETA?

We don't have yet an ETA as Rebex is still working on it. When we get a new version with MFA support we will provide a new version as soon as possible.

I'm the exact same as Stephen, I love the solution as a whole but it's hard to justify without the 2FA upon connection

I'm sorry this has taken so long but I just wanted to let you know that we are working on this. Stay tuned...

We too need the 2FA component.  We're searching vendors for solutions and I've been a RoyalTS user for 8+ years.  Please let your engineering and pm teams understand how important this is in today's network environment.  We'd love to rollout RoyalTS as our solution for MFA SSH and RDP.

We would love to see an Azure MFA integration or Microsoft authenticator.

@Wolfgang Bäck: right now we plan to enable the already existing MFA providers we support for the document store. Regarding Azure MFA: I'm not sure if we can easily integrate it like the other providers but I kindly ask you to create a dedicated feature request for that and if you happen to know resources like docs for SDKs on how to integrate it in other apps, please include that as well. Thanks!

Any news on when this will arrive?

This will be in the next major version of Royal Server. A beta version will be available in the next few weeks.

Login or Signup to post a comment