2FA is a hard requirement from our security team. What progress or updates can you provide for this feature?
Thanks
Dan
Yeah, We've hit the MFA roadblock in our evaluation as well. I can't propose Royal TS as a solution without it, we've just deployed DUO on our jump environment as an audit requirement and it's non negotiable :(
I am thinking of trying to leverage a linux openssh securegateway with powershell core installed and use PSSession to scan Dynamic folder via SSH. In theory I should be able to use the duo linux client to protect sshd and have it fire that way. I'll report back if this approach is viable
Any update on MFA for Royal Gateway?
Any news on this?
I am evaluating RoyalServer for use in our environment and MFA on the Secure Gateway is an absolute must for us as well. Has this feature been officially added to the product roadmap?
This would be an awesome feature.
Thanks, Dan. We will look into it and update this thread once we have something to share.
This is already available, any idea hot to use this feature?
Is the beta implementing MFA available now ? If so what's the process for getting it ?
Hey Stefan,
Any idea on when this will come out of beta and into the stable version?
okay, finally got this working today and first impressions are good.
A few suggestions
1) When adding the MFA users and the standard windows "Select Users or Groups" comes up, it would be good to default to Entire directory if the server is in a domain. An alternate would be to detect where in the tree the last search was performed from and repeat the use of that node unless changed.
Adding a number of domain users gets old real quick when having to keep switching from the local server to the domain :(
2) I'd like the ability to add both the user_id and the cache timeout to the MFA userlist via the column chooser. In general I think you should have the option of seeing every value presented in the user that exists in the edit field for a user
All in all this is really promising and I'm looking forward to seeing where it ends up ! It helps enormously with the sell job to management both of Royal TS and RoyalServer
Hi Stephen,
you can find our beta versions here: https://www.royalapps.com/go/kb-all-downloadbeta
Docs are still a work in progress but can be found here: https://docs.royalapps.com/r2022/royalserver/management/multi-factor-authentication/index.html
Please make sure you test beta versions on non-production/non-critical machines and make backups of your files/settings before you proceed.
Regards,
Stefan
Hi Christopher,
yes the Google TOTP and Duo will be applicable to the Document Store AND Secure Gateway Connections. Regarding release date, I'm not sure what I can tell you, we can ship it when it's ready. Implementing something like this takes time and needs to be tested. I hope it will be on time for you.
Regards,
Stefan
Looks like this is the Royal Server V5 BETA Version now.
I just want to say I've installed damn. I am so impressed with how this is implemented! Great work on this!
Only suggest I can think to make really is on the "Opening Tunnel....." I would love to see a "Awaiting 2FA" or something like that.
Other than this, honestly excellent job here.
Massameno, Dan
=== Feature Enhancement Request ===
We're trying out the Multifactor Authentication (MFA, a.k.a, two-factor or 2FA) feature on the Document Store on Royal Server. It works great! But that's not quite what we needed.
Can we do MFA on the Royal Server Secure Gateway? For instance, when the engineers arrive in the morning they would have to MFA to get their first connection through the Secure Gateway but after that, all new sessions would go through the Secure Gateway without re-checking the MFA.
There should probably be a setting for Maximum-Session-Time to time-out the session and force the MFA to repeat. We'd probably set ours to 30 hours or something to let users get a full day's work in.
We use Duo Security here but the Microsoft Authenticator is a valid second option for us.
Thank you.
11 people like this idea