Kaseya Community

Use of Microsoft MFA to Manage 2FA for Kaseya On Premise Server

This question is not answered

We have a On Premise VSA running V 9.3 and was looking at leveraging the Microsoft MFA Server to enable 2FA  for our VSA as an added level of security. 

Is there anyone who have successfully implemented such a setup and if so could you advise on how this could be configured?

NB - We are not looking at using the AuthAnvil option for this at this stage.

Regards

Randy

All Replies
  • Interested as well.

  • Mee too.

    In my case, we are an MSP. Clients are asking for AzureAD integration for VSA access.

  • I was told that it is impossible, AuthAnvil is currently the only way unfortunately.

  • We have done this, sort of. We can't use the native MFA integration with VSA as that only works with AuthAnvil. But, VSA supports standard SAML so we can ADFS with Azure MFA integration (for example) to do SSO. So the login including MFA is handled by ADFS and we then just pass SAML back to VSA for pre-authenticated users.

    The user experience is such that users can't login directly using VSA but they have to go via the ADFS portal instead.

    We haven't done this natively in Azure AD but it may well be possible. Happy to share our transform rules etc. within ADFS if this helps others.

  • As Randy indicates it is possible to accomplish using SAML and that works very well if you have a single organization to use MFA with.  If, however, you are an MSP and you have clients also using your VSA then the SAML solution is not viable.

  • We have gotten that far with SAML but I wouldn't say it works very well or is a good user experience at all.

  • Hi gkhewitt

    Yes, it would be great to see how this is setup on ADFS as we have not tried this one before. If you could share these rules that would be good.

    Regards

    Randy

  • Any chance you could share how you set that up?

    We don't allow clients to access VSA so we don't have that complication.

  • Hi gkhewitt

    Yes, it would be great to see how this is setup on ADFS as we have not tried this one before. If you could share these rules that would be good.

    Regards

    Randy