VERDE Multi-Factor Authentication as of VERDE 8.2.7

VERDE Multi-Factor Authentication as of VERDE 8.2.7

Product Line:  VERDE

The long awaited feature is available:  Mutli-Factor Authentication (MFA).

This article describes the VERDE MFA feature and its installation.

Overview

The Google Authenticator Mobile App is required. The end user must install this app on their iOS or Android mobile device.
      Android:
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
      iOS: https://apps.apple.com/us/app/google-authenticator/id388497605

MFA is enabled in Desktop Policy settings. This provides the administrator with the flexibility to determine which desktops should be protected by MFA. For example, the VERDE system may have a Gold Image that is used as a Kiosk browser. This type of desktop may not require MFA protection. Other desktops that include access to sensitive apps or data can be selected to be protected by MFA. 

Active Directory integration is implicitly supported.

MFA is applicable to both VDI and Remote Access desktops.

The first time a user attempts to access a desktop with MFA protection they must use the Google Authenticator mobile app to scan a QR code. This establishes the MFA configuration for that user in the VERDE system.

This same MFA configuration is used for any other MFA protected desktop – i.e., the QR code scanning step is one-time only.

The VERDE Cluster Master database manages the list of user profiles that have enabled MFA.

The VERDE Management Console includes a UI to allow the administrator to view and remove MFA for specific users. This may be required if a user loses or replaces their mobile device. The administrator must remove the MFA configuration for that user. This will allow the user to authenticate their new mobile device using Google Authenticator.

MFA has been implemented in two VERDE software clients:

      • VERDE Software Client
      • Korean VERDE Software Client

Both clients share the same MFA configuration. i.e., if MFA is setup using the VERDE Software Client then the Korean VERDE Software Client will be aware of that configuration. There is no requirement to scan the QR code setup separately in both clients.


Setting up MFA for a Desktop




VERDE Software Client Flow  









Korean VERDE Software Client Flow  






Managing MFA User Configurations




Google Authenticator – iOS Version