Start a new topic

MFA for Secure Gateway

=== Feature Enhancement Request ===

We're trying out the Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature on the Document Store on Royal Server.  It works great!  But that's not quite what we needed.

Can we do MFA on the Royal Server Secure Gateway?  For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.

There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat.  We'd probably set ours to 30 hours or something to let users get a full day's work in.  

We use Duo Security here but the Microsoft Authenticator is a valid second option for us.

Thank you.

7 people like this idea

Unfortunately we still have no ETA for the 3rd party vendor component. Not sure if we are able to implement it in the V4 release. Might be V4.1 or so.

I saw this the other day when i logged into the Royal Server.

We're looking for a similar solution to provide MFA to the secure gateway before being able to access remote sessions. This is a huge auditing item and would certainly be a selling point for us. I'm going to subscribe as well. Is there a formal place to put in feature requests, or is this the correct forum?

SAML or Radius would do. If we had Radius we could just use Windows NPS and AzureAD extension to do MFA. Either fits our requirements. 

RADIUS would be even better imo because you could proxy RADIUS requests to an MFA provider to still give you the MFA ability.

I'm going to be demoing RoyalTS / Royal Server to our security team, and I'm likely to get shot down over this missing feature.  I'll be waiting to see how this develops.

Would really love to see Duo or Google Auth on the gateway, or really any standard internet-based 2FA authenticator.

We'd love to see this feature too!

Login or Signup to post a comment