Start a new topic
In Progress

Single OTP on opening of multiple Royal Server documents

Hello,

Here in my company all the techincians have RoyalTS that automatically opens on startup their own local RTSX document and two/three Royal Server documents with Google OTP.

It's very annoying that we have to enter the OTP for every document, is it possible to have the ability to enter the OTP just once for all the documents?

Thanks!


F


3 people like this idea

We allocate files based on user access as there's no  concept of ACL type permissions in TSX to have granular permissions within the file.


In our case we have 38 files which could quite possibly all be open at the same time. Getting 38 MFA prompts when you open the application is somewhat annoying!


At the moment we work around it by closing and opening files as and when required which isn't the end of the world, but it would be much nicer to get one prompt upon connecting to the server rather than for every file opening.


3 people like this

Love the MFA feature, but would be much nicer to only have to perform the MFA operation once every x hours (providing you're coming from the same IP or something)


2 people like this

Hi there,
I see it similarly. The second factor is required when authenticating the user who wants to open the relevant documents. If this authentication was successful, this information should be sufficient for all documents to be opened. I imagine a mechanism here that works in a similar way to the Kerberos tickets in Active Directory.


1 person likes this

Hello,

Any news about this? We're currently using up to 4 documents at the same time and it's very annoying.

Thank you!


Regards,


F


1 person likes this

Hi Flavio,


thanks for the feedback. I moved your idea to the Royal Server forum as this is more like a server feature. We will look into it.


Regards,

Stefan


1 person likes this
I think even a timed MFA prompt would be a great idea. ie you only have to perform the MFA once per 24 hours for example. The prompt per document is incredibly frustrating.

1 person likes this

MFA with a Time-to-Life is implemented at Royal Server BETA.

We configured it to 1 hour, so opening multiple Docs at this timeframe does not require MFA again.


This works great.


Thanks!

Hi everyone,


due to high demand, I'm trying to gather information here, since we're currently looking into supporting further OTP/MFA functionalities within our products.

May I ask everyone which products you are using and how these are configured, so we can do some tests and figure out how to better support these tools?


Thanks & best regards,

Christoph

Hi Christoph,


We use Duo mainly but also have an interest in using Yubikeys.

Currently we mainly use the 'push' functionality of Duo, the the MFA challenge gets sent to each engineer's phone.


Best,
Ryan

Hi Christoph,
In the future, we want to ensure that all admins carry out their administrative tasks exclusively via Royal TS / Royal Server, if possible. For this purpose, the Royal Server is enforced as the only permitted control server via a firewall rule. This means that Royal TS / Royal Server is the only and most important control entity and must be appropriately secured. For this purpose, all authentications should then be provided with MFA. MFA should be integrated into the Royal products in such a way that you do not have to confirm each individual connection request. Since we control many devices that MFA does not offer, Royal TS / Royal Server would be the ideal instance for everyone to retrofit. We are about 10 admins and technicians working with a total of 10 documents. We work most often with RDP, but SSH, TELENT, SFTP, FTP, HTTP and HTTPS are also used. Everyone saves the credetials in a personal document so that they can quickly reach their destination with a double-click. KeePass with the KeePassOTP plug-in installed is used for systems that cannot be called up. It would be very helpful for our work if the first password entry in RoyalTS could be secured with MFA and this successful logons would be automatically adopted for all subsequent registrations. Since the first password entry is currently used to decrypt the personal document, it would also be conceivable to carry out an MFA afterwards.
Greetings Andreas

Authentication is configured on Royal Server and not on a document.

So when connecting to the server password and MFA should match / requested.


Royal Server have to know, that this user may will open multiple documents and let him pass without asking for MFA again.


We are about to adopt the Software, but this basics are missing.

Login or Signup to post a comment