Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients




This article describes how to enable Nexus OTP in Smart ID Digital Access component (Hybrid Access Gateway) as a two-factor authentication method for VMware Horizon View, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App (Personal Mobile) OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article, Digital Access functions as a RADIUS server and VMware Horizon View as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.



 Network schematic for Nexus OTP authentication

  1. The administrator configures VMware Horizon View to use RADIUS Authentication.
  2. The incoming authentication request is relayed to the Digital Access Authentication Server via RADIUS.
  3. If the user exists, the Authentication Server checks the token associated with the user for the expected PIN + One-time password.
  4. Once the PIN + One-time password is verified against the user’s token and it is valid, it will then send an access accepted

Prerequisites

Make settings in Digital Access

 Log in to Digital Access Admin
  1. Log in to Digital Access Admin with an administrator account.
 Add VMware Horizon as a RADIUS client

In step 3, enter the IP Address of the RADIUS Client (VMware Horizon View) and the Shared Secret Key.

  1. In Digital Access Admin, go to Manage System.
  2. Click RADIUS Configuration > Add RADIUS Client...
  3. Enter General Settings and Attributes. Click the ?-sign for help.
  4. Click Save.
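
What the Shared Secret Key entered for the RADIUS client does on the wire, as an added example (not Nexus or VMware code): per RFC 2865 it hides the PIN + one-time password in the Access-Request and authenticates the Access-Accept. The example assumes the PAP-style User-Password attribute; all names and sample values are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2     # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2          # RADIUS attribute types (RFC 2865)

def _xor_chain(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth        # the first block chains on the Request Authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        xored = bytes(b ^ k for b, k in zip(block, hashlib.md5(secret + prev).digest()))
        prev = xored if hiding else block   # always chain on the ciphertext block
        out += xored
    return out

def hide_password(pin_otp: bytes, secret: bytes, request_auth: bytes) -> bytes:
    padded = pin_otp + b"\x00" * (-len(pin_otp) % 16)   # pad to a multiple of 16 bytes
    return _xor_chain(padded, secret, request_auth, hiding=True)

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    return _xor_chain(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")

def access_request(ident: int, user: bytes, pin_otp: bytes, secret: bytes, request_auth: bytes) -> bytes:
    hidden = hide_password(pin_otp, secret, request_auth)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def access_accept(ident: int, secret: bytes, request_auth: bytes, attrs: bytes = b"") -> bytes:
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, secret: bytes, request_auth: bytes) -> bool:
    head, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(head + request_auth + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))          # must be random per request in practice
PIN_OTP = b"1234" + b"987654"            # PIN + one-time password, as the user types it

if __name__ == "__main__":
    reply = access_accept(7, SECRET, REQUEST_AUTH)
    print("same secret :", reply_is_authentic(reply, SECRET, REQUEST_AUTH))
    print("wrong secret:", reply_is_authentic(reply, b"mistyped", REQUEST_AUTH))
```

If the secret differs between Digital Access and the Connection Server, the server decodes a garbled PIN + one-time password and the client cannot verify the reply, so compare the two entries first when logins fail after setup.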

 Enable authentication method

Nexus TruID Synchronized is used as an example. Other Nexus OTP authentication methods are enabled in a similar way.

  • In step 3, select Nexus Synchronized as method.
  • When the default RADIUS replies are shown, click Next. You can also add your custom RADIUS replies or modify the default replies if required.

To add a new authentication method:

  1. In Digital Access Admin, go to Manage System.
  2. Click Authentication Methods.
  3. Click Add authentication method..., select the desired method and click Next.

  4. Enter Display Name, a unique name used in the system to identify the authentication method.
  5. Select whether the method shall be enabled and whether it shall be visible in the authentication menu.
  6. Register Authentication Methods Server when applicable.
  7. Make other configurations as needed for the selected authentication method. For more information, click the ?-sign. Click Next.
  8. If needed, make settings in RADIUS Replies and Extended Properties.
  9. Click Next and Finish.
  10. Click Publish.

Make settings in VMware Horizon View

 Add Digital Access as RADIUS Server
  1. Log in to the VMware Horizon View administrator console on the VMware Horizon View connection server.
  2. Expand View Configuration and select Servers. Highlight your VMware Horizon View connection server entry on the Connection Servers tab.

  3. Click Edit.

  4. In the Edit Connection Server Settings dialog box, go to the Authentication tab.

  5. In the Advanced Authentication section:

    1. Select RADIUS from the 2-factor authentication drop-down list.

    2. Select Create New Authenticator from the Authenticator drop-down list.

    3. To enforce the RADIUS user names to match the user names in Active Directory, check Enforce 2-factor and Windows user name matching in the Advanced Authentication section.
  6. In the Add RADIUS Authenticator dialog box, enter the details of the Digital Access RADIUS Server.
  7. Click Next and enter the details of a secondary RADIUS authentication server if desired, then click Finish.
  8. Click OK to apply the settings. The settings take effect immediately.

Example: Log in to VMware Horizon View

The following example shows how an end user logs in, using Nexus TruID Synchronized. Other Nexus OTP methods can be used in a similar way.

 Example: Use Nexus TruID as 2FA to log in to VMware Horizon View
  1. Start Nexus TruID, installed on your laptop or smartphone, and enter your PIN to generate an OTP.

  2. On a workstation with VMware Horizon View client installed, launch the application and enter the IP address or DNS name of the VMware Horizon View Connection server. Click Connect.
  3. When prompted, enter your Digital Access user name and one-time password, and click Login.
  4. If the Digital Access authentication is successful, continue the logon process by entering the required Active Directory credentials.