thanks for the feedback. I moved your idea to the Royal Server forum as this is more like a server feature. We will look into it.
Any news about this? We're currently using up to 4 documents at the same time and it's very annoying.
We allocate files based on user access as there's no concept of ACL type permissions in TSX to have granular permissions within the file.
In our case we have 38 files which could quite possibly all be open at the same time. Getting 38 MFA prompts when you open the application is somewhat annoying!
At the moment we work around it by closing and opening files as and when required which isn't the end of the world, but it would be much nicer to get one prompt upon connecting to the server rather than for every file opening.
Love the MFA feature, but would be much nicer to only have to perform the MFA operation once every x hours (providing you're coming from the same IP or something)
I see it similarly. The second factor is required when authenticating the user who wants to open the relevant documents. If this authentication was successful, this information should be sufficient for all documents to be opened. I imagine a mechanism here that works in a similar way to the Kerberos tickets in Active Directory.
due to high demand, I'm trying to gather information here, since we're currently looking into supporting further OTP/MFA functionalities within our products.
May I ask everyone which products you are using and how these are configured, so we can do some tests and figure out how to better support these tools?
Thanks & best regards,
We use Duo mainly but also have an interest in using Yubikeys.
Currently we mainly use the 'push' functionality of Duo, the the MFA challenge gets sent to each engineer's phone.
In the future, we want to ensure that all admins carry out their administrative tasks exclusively via Royal TS / Royal Server, if possible. For this purpose, the Royal Server is enforced as the only permitted control server via a firewall rule. This means that Royal TS / Royal Server is the only and most important control entity and must be appropriately secured. For this purpose, all authentications should then be provided with MFA. MFA should be integrated into the Royal products in such a way that you do not have to confirm each individual connection request. Since we control many devices that MFA does not offer, Royal TS / Royal Server would be the ideal instance for everyone to retrofit. We are about 10 admins and technicians working with a total of 10 documents. We work most often with RDP, but SSH, TELENT, SFTP, FTP, HTTP and HTTPS are also used. Everyone saves the credetials in a personal document so that they can quickly reach their destination with a double-click. KeePass with the KeePassOTP plug-in installed is used for systems that cannot be called up. It would be very helpful for our work if the first password entry in RoyalTS could be secured with MFA and this successful logons would be automatically adopted for all subsequent registrations. Since the first password entry is currently used to decrypt the personal document, it would also be conceivable to carry out an MFA afterwards.
Authentication is configured on Royal Server and not on a document.
So when connecting to the server password and MFA should match / requested.
Royal Server have to know, that this user may will open multiple documents and let him pass without asking for MFA again.
We are about to adopt the Software, but this basics are missing.
MFA with a Time-to-Life is implemented at Royal Server BETA.
We configured it to 1 hour, so opening multiple Docs at this timeframe does not require MFA again.
This works great.
Flavio Francesco Tasende
Here in my company all the techincians have RoyalTS that automatically opens on startup their own local RTSX document and two/three Royal Server documents with Google OTP.
It's very annoying that we have to enter the OTP for every document, is it possible to have the ability to enter the OTP just once for all the documents?
3 people like this idea