We have a On Premise VSA running V 9.3 and was looking at leveraging the Microsoft MFA Server to enable 2FA for our VSA as an added level of security.
Is there anyone who have successfully implemented such a setup and if so could you advise on how this could be configured?
NB - We are not looking at using the AuthAnvil option for this at this stage.
Interested as well.
In my case, we are an MSP. Clients are asking for AzureAD integration for VSA access.
I was told that it is impossible, AuthAnvil is currently the only way unfortunately.
We have done this, sort of. We can't use the native MFA integration with VSA as that only works with AuthAnvil. But, VSA supports standard SAML so we can ADFS with Azure MFA integration (for example) to do SSO. So the login including MFA is handled by ADFS and we then just pass SAML back to VSA for pre-authenticated users.
The user experience is such that users can't login directly using VSA but they have to go via the ADFS portal instead.
We haven't done this natively in Azure AD but it may well be possible. Happy to share our transform rules etc. within ADFS if this helps others.
As Randy indicates it is possible to accomplish using SAML and that works very well if you have a single organization to use MFA with. If, however, you are an MSP and you have clients also using your VSA then the SAML solution is not viable.
We have gotten that far with SAML but I wouldn't say it works very well or is a good user experience at all.
Yes, it would be great to see how this is setup on ADFS as we have not tried this one before. If you could share these rules that would be good.
Any chance you could share how you set that up?
We don't allow clients to access VSA so we don't have that complication.
Would it be possible to get a copy of your mappings? I am trying to use Duo via SAML and am falling short somewhere, and I'm hoping that the mapping from a working environment might help drive me in the right direction. Thanks!