2FA in a session-initiated scenario

In a session-initiated scenario, when a user starts a session from putty (or from the RDP client) he has to authenticate himself to be recognised as a USER and also for 2FA (with Azure).

What happens if the user starts other sessions? Does he have to authenticate for each session both as USER and also to 2FA or does the first and only authentication to 2FA apply?

It is a little bit complicated but please tell me if it is all clear.

thank you so much!!

Parents Reply
  • 1. SPP initiated workflow, yes you can enable Login to SPP with external federation via Azure and enable MFA on Azure AD \ Entra ID side then session requests would not require additional MFA from SPP side

    2. SPS initiated workflow that depends on SPP for credential injection,

    RDP would require RDP Gateway authentication which supports (Active Directory or Local User Database)

    SSH would require SPS Gateway authentication which supports (Password, Public Key, or Kerberos)

    There is no current AA plugin that is officially supported for Azure login but only experimental at this point.

    Thanks!

Children