DIGIPASS Authentication for VMware Horizon Workspace


Date posted: 11-Sep-2018

  • DIGIPASS Authentication for VMware Horizon Workspace

    INTEGRATION GUIDE

    Disclaimer

    Disclaimer of Warranties and Limitation of Liabilities

    All information contained in this document is provided 'as is'; VASCO Data Security assumes no responsibility for its accuracy and/or completeness.

    In no event will VASCO Data Security be liable for damages arising directly or indirectly from any use of the information contained in this document.

    Copyright

    Copyright 2013 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO, Vacman, IDENTIKEY AUTHENTICATION, aXsGUARD and DIGIPASS logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Microsoft and Windows are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.

    Table of Contents

    1 Overview
    2 Technical Concepts
      2.1 VMware
        2.1.1 Horizon Workspace
      2.2 VASCO
        2.2.1 IDENTIKEY Federation Server
        2.2.2 IDENTIKEY Authentication Server
    3 Configuration Details
      3.1 Architecture
      3.2 Pre-requisites
      3.3 IDENTIKEY Federation Server
        3.3.1 Add application
        3.3.2 Adapt Meta-Data
      3.4 VMware Horizon Workspace
        3.4.1 Pre-Configuration
        3.4.2 Adding Authentication Method
        3.4.3 Adding Identity provider
        3.4.4 Apply Policy set to Web Application
    4 Testing the Solution
      4.1 Authentication using built-in Horizon Workspace Connector
      4.2 Authentication using IDENTIKEY Federation Server
      4.3 Changing Default Access Policy Set
        4.3.1 Overview
        4.3.2 Solution Test

    1 Overview

    [Figure: solution overview diagram. Components: IDENTIKEY Federation Server (Ifs.vasco.be, 10.4.0.198); IDENTIKEY Authentication Server (10.4.0.13); VMware Horizon Workspace (workspace.vmware.com, 10.4.0.201). Connection labels: RADIUS, SAML v2.0, SSL.]

    2 Technical Concepts

    2.1 VMware

    2.1.1 Horizon Workspace

    Horizon Workspace provides an integrated workspace that delivers the right applications and data on any device, which promotes employee productivity without compromising security or IT control.

    As an IT administrator, you can use the Web-based management platform to create customized sets of applications and data access (workspaces) for end users, including setting security policies and application entitlements. Using their desktops, mobile browsers, or mobile applications, employees can gain access to work resources, including shared corporate documents and many types of applications, customized based on their entitlements and devices.

    VMware Horizon Workspace provides secure access to applications and data on any mobile device or computer, enhancing the end user experience while reducing management costs. Horizon Workspace provides an easy way for end users to access applications and files on any device, while at the same time enabling IT to deliver, manage, and secure these assets centrally. Horizon Workspace provides secure, single sign-on to applications, data, and virtual desktops from any computer or mobile device, and meets the challenges of today's changing Bring Your Own Device (BYOD) and mobile environments.

    Horizon Workspace benefits both end users and IT administrators. Horizon Workspace provides end users with a single workspace for all applications and data, as well as seamless file sharing. It enables IT administrators to manage users instead of devices and to offer advanced security and protection of corporate data.

    2.2 VASCO

    2.2.1 IDENTIKEY Federation Server

    IDENTIKEY Federation Server (IFS) is a virtual appliance providing you with the most powerful identity and access management platform. It is used to validate user credentials across multiple applications and disparate networks.

    The solution validates users and creates an identity ticket, enabling online single sign-on for different applications across organizational boundaries. As validated credentials can be reused, once a user's identity is confirmed, access to authorized services and applications is granted. Users can securely switch between the different applications and collaborate with colleagues, business partners, suppliers, customers, and partners, using one single identity.

    IDENTIKEY Federation Server functions as an identity provider within the local organization, but it can also delegate authentication requests (for unknown users) to other identity providers. In a federated model, IDENTIKEY Federation Server not only delegates authentication requests to other identity providers but also receives requests from them when local users want to access applications from other organizations within the same federated infrastructure.

    2.2.2 IDENTIKEY Authentication Server

    IDENTIKEY Authentication Server (IAS) is an off-the-shelf centralized authentication server that supports the deployment, use and administration of DIGIPASS strong user authentication. It offers complete functionality and management features without the need for significant budgetary or personnel investments.

    IDENTIKEY Authentication Server is supported on 32-bit systems as well as on 64-bit systems.

    IDENTIKEY Appliance is a standalone authentication appliance that secures remote access to corporate networks and web-based applications.

    The use and configuration of an IDENTIKEY Authentication Server and an IDENTIKEY Appliance is similar.

    3 Configuration Details

    3.1 Architecture

    [Figure: architecture diagram. Components: IDENTIKEY Federation Server (Ifs.vasco.be, 10.4.0.198); VMware Horizon Workspace (workspace.vmware.com, 10.4.0.201). Connection label: SAML v2.0.]

    3.2 Pre-requisites

    • A basic configured VMware Workspace Environment. Information can be found here: http://www.vmware.com/files/pdf/techpaper/vmware-horizon-workspace-reviewers-guide.pdf
    • Basic configured IDENTIKEY Federation Server
    • Metadata file of the VMware Horizon
      o Log in to the Administrator