If you want to have an extra layer of security on your Workspaces environment, AWS allows you to configure multi-factor authentication. There are however some prerequisites for this. This post will guide you through the steps needed to set up multi-factor authentication for your Workspaces.

We will be using the open-source version of multiOTP for Windows. This is a nice package which includes nginx as a web server, the PHP-based multiOTP web service, and a RADIUS server based on FreeRADIUS.

For the purpose of this blog post I will be using a standard Windows 2012R2 server promoted to a domain controller. On this domain controller I will install the multiOTP web service and the multiOTP RADIUS service through a PowerShell script. At the time of writing this article, version 5.1.1.2 had been released, so this post is based on this version.

At a high level, the authentication flow will be:

1. The Workspaces client will connect to a Workspaces endpoint of Amazon registered to the user's AWS account.
2. The user will authenticate with the AD Connector.
3. The AD Connector will proxy all the user authentication details to Active Directory and the multiOTP RADIUS service.
4. The user is authenticated and allowed to log in to their Workspaces.

AWS only has the multi-factor authentication option for the directory service "AD Connector". This also implies that you have your own Active Directory domain to connect the AD Connector to.

So the components you already need in place are:

- A working domain controller (in the extras below I have a CloudFormation template that deploys a new domain controller in a new domain for testing purposes). For the purpose of this blog the script can only function on a domain controller.
- The PowerShell script included in this blog post -> multiotp-setup

Download and install PowerShell version 5.1, else the included script will not work.

Copy the PowerShell script from this blog post to a folder on your domain controller. (If you want to install it to a separate server, this is possible, but you need to change the $server_name in the script…)

In the same folder as the PowerShell script, download version 5.1.1.2 of the multiOTP zip file.

First we will need to create a multiOTP service user in Active Directory. This user is used by multiOTP to authenticate and sync the users from AD. A normal domain user without any special rights or groups is fine!

Next up is to create an Active Directory group for users that are allowed to authenticate against multiOTP.
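The two Active Directory steps above, sketched as an added PowerShell example (not part of the author's multiotp-setup script): it creates the service user and the group, then checks that the service user holds no group membership beyond Domain Users. The names `svc-multiotp` and `MultiOTP-Users` are assumptions, as is the choice of a non-expiring password for the service user.

```powershell
# Added example, run on the domain controller. All names are assumptions.
Import-Module ActiveDirectory

$ServiceAccount = 'svc-multiotp'     # assumed name of the multiOTP service user
$AllowedGroup   = 'MultiOTP-Users'   # assumed name of the group allowed to authenticate

# 1. Service user: a plain domain user, created only if it does not exist yet.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$ServiceAccount'")) {
    $password = Read-Host -AsSecureString "Password for $ServiceAccount"
    # Assumption: non-expiring password, rotated by hand, so the AD sync
    # does not silently stop when the password ages out.
    New-ADUser -Name $ServiceAccount -SamAccountName $ServiceAccount `
        -AccountPassword $password -Enabled $true `
        -PasswordNeverExpires $true `
        -Description 'multiOTP authentication and user sync account'
}

# 2. Group for the users that may authenticate against multiOTP.
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$AllowedGroup'")) {
    New-ADGroup -Name $AllowedGroup -SamAccountName $AllowedGroup `
        -GroupScope Global -GroupCategory Security `
        -Description 'Users allowed to authenticate against multiOTP'
}

# 3. Least-privilege check: the service user should only be in Domain Users.
#    Matching on RID 513 instead of the name keeps this working on
#    non-English domains where the group is named differently.
$extraGroups = Get-ADPrincipalGroupMembership -Identity $ServiceAccount |
    Where-Object { $_.SID.Value -notlike '*-513' }

if ($extraGroups) {
    Write-Warning ("{0} is a member of unexpected groups: {1}" -f `
        $ServiceAccount, ($extraGroups.Name -join ', '))
} else {
    Write-Output "$ServiceAccount holds no group membership beyond Domain Users."
}

# 4. Review who is currently allowed to authenticate (empty on first run).
Get-ADGroupMember -Identity $AllowedGroup |
    Select-Object Name, SamAccountName
```

Rerunning the script is safe: existing objects are left untouched and only the membership check and the group listing are repeated.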