
This article describes how to enable Nexus OTP in the Smart ID Digital Access component (Hybrid Access Gateway) as a two-factor authentication method for VMware Horizon View, to replace static passwords.

Nexus OTP can be either Nexus TruID Synchronized or Smart ID Mobile App (Personal Mobile) OTP, or any other OATH-based mobile OTP application, such as Google Authenticator or Microsoft Authenticator. 

With the setup described in this article, Digital Access functions as a RADIUS server and VMware Horizon View as a RADIUS client. Nexus TruID is used as an example below and is available for iOS, Android, and Windows.


Network schematic for Nexus OTP authentication

  1. The administrator configures VMware Horizon View to use RADIUS Authentication.
  2. The incoming authentication request is relayed to the Digital Access Authentication Server via RADIUS.
  3. If the user exists, it then checks the token associated with the user for the expected PIN + One-time password.
  4. Once the PIN + One-time password is verified against the user’s token and it is valid, it will then send an access accepted


Prerequisites


Make settings in Digital Access

Log in to Digital Access Admin
  1. Log in to Digital Access Admin with an administrator account.


Add VMware Horizon as a RADIUS client


Note

In step 3, enter the IP Address of the RADIUS Client (VMware Horizon View) and the Shared Secret Key.

Follow the steps in "Set up RADIUS client in Digital Access".


Enable authentication method

Nexus TruID Synchronized is used as an example. Other Nexus OTP authentication methods are enabled in a similar way.

Note
  • In step 3, select Nexus Synchronized as the method.
  • When the default RADIUS replies are shown, click Next. You can also add your custom RADIUS replies or modify the default replies if required.

Follow the steps in "Set up authentication method in Digital Access".

Make settings in VMware Horizon View

Add Digital Access as RADIUS Server
  1. Log in to the VMware Horizon View administrator console on the VMware Horizon View connection server.
  2. Expand View Configuration and select Servers. Highlight your VMware Horizon View connection server entry on the Connection Servers tab.

  3. Click Edit.

  4. In the Edit Connection Server Settings dialog box, go to the Authentication tab.

  5. In the Advanced Authentication section:

    1. Select RADIUS from the 2-factor authentication drop-down list.

    2. Select Create New Authenticator from the Authenticator drop-down list.

    3. To enforce the RADIUS user names to match the user names in Active Directory, check Enforce 2-factor and Windows user name matching in the Advanced Authentication section.
  6. In the Add RADIUS Authenticator dialog box, enter the details of the Digital Access RADIUS Server.
  7. Click Next and enter the details of a secondary RADIUS authentication server if desired, then click Finish.
  8. Click OK to apply the settings. The settings take effect immediately.
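
How the shared secret entered on both sides is used once this is configured, as an added example that is not part of the original article and is not Nexus or VMware code: the client hides the passcode in the User-Password attribute of an Access-Request and the server recovers it, following RFC 2865 section 5.2. It assumes the PAP authentication type; the user name, passcode and secret are constructed sample values.

```python
import hashlib
import os
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side, RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = authenticator."""
    blocks = max(1, -(-len(password) // 16))   # pad with NULs to 16-octet blocks, at least one
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the received ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(user: str, passcode: str, secret: bytes, ident: int = 1) -> bytes:
    """Client side: Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    authenticator = os.urandom(16)             # Request Authenticator, fresh for every request
    def attr(kind: int, value: bytes) -> bytes:
        return struct.pack("!BB", kind, len(value) + 2) + value
    attrs = attr(1, user.encode()) + attr(2, hide_password(passcode.encode(), secret, authenticator))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def read_access_request(packet: bytes, secret: bytes) -> tuple[str, bytes]:
    """Server side: return (user name, recovered passcode bytes)."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos + 2 <= length:
        kind, size = packet[pos], packet[pos + 1]
        if size < 2 or pos + size > length:
            raise ValueError("bad attribute length")
        attrs[kind] = packet[pos + 2:pos + size]
        pos += size
    return attrs[1].decode(), recover_password(attrs[2], secret, authenticator)

if __name__ == "__main__":  # constructed sample values, not real credentials
    print(read_access_request(build_access_request("alice", "123456", b"lab-secret"), b"lab-secret"))
```

With a mismatched shared secret the server recovers random bytes instead of the passcode, so the login is simply rejected.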

Example: Log in to VMware Horizon View

The following example shows how an end user logs in using Nexus TruID Synchronized. Other Nexus OTP methods can be used in a similar way.

Example: Use Nexus TruID as 2FA to log in to VMware Horizon View
  1. Start Nexus TruID, installed on your laptop or smartphone, and enter your PIN to generate an OTP.

  2. On a workstation with the VMware Horizon View client installed, launch the application and enter the IP address or DNS name of the VMware Horizon View Connection server. Click Connect.
  3. When prompted, enter your Digital Access user name and one-time password, and click Login.
  4. If the Digital Access authentication is successful, continue the logon process by entering the required Active Directory credentials.