The left side in the diagram (covered in Step 1 below) represents your corporate data center with your on-premises AD connected to your RADIUS/MFA infrastructure that will provide the RADIUS user authentication. The following network diagram shows the components you must have running to enable RADIUS/MFA for Amazon WorkSpaces.
#Mfa code amazon workspaces how to#
To learn more about how to set up Microsoft AD and create trust relationships to enable Amazon WorkSpaces users to use AD on-premises credentials, see Now Available: Simplified Configuration of Trust Relationship in the AWS Directory Service Console. A trust relationship between your Microsoft AD and on-premises AD directories.The solution in this blog post assumes that you already have the following components running: In this blog post, I show how to enable MFA for your Amazon WorkSpaces users in two steps: 1) Configure your RADIUS/MFA server to accept Microsoft AD requests, and 2) configure your Microsoft AD directory to enable MFA. For the purposes of this blog post, I will use “RADIUS/MFA” to refer to your on-premises RADIUS and MFA authentication solution. The RADIUS server connects to your on-premises AD to authenticate and authorize users. RADIUS is an industry-standard client/server protocol that provides authentication, authorization, and accounting management to enable users to connect network services.
To enable MFA for AWS services such as Amazon WorkSpaces and QuickSight, a key requirement is an MFA solution that is a Remote Authentication Dial-In User Service (RADIUS) server or a plugin to a RADIUS server already implemented in your on-premises infrastructure. These factors together provide additional security by preventing access to AWS services, unless users supply a valid MFA code.
#Mfa code amazon workspaces password#
MFA adds an extra layer of protection to a user name and password (the first “factor”) by requiring users to enter an authentication code (the second factor), which has been provided by your virtual or hardware MFA solution. You can now enable multi-factor authentication (MFA) for users of AWS services such as Amazon WorkSpaces and Amazon QuickSight and their on-premises credentials by using your AWS Directory Service for Microsoft Active Directory directory, also known as AWS Microsoft AD.
0 kommentar(er)
