Mirket Help Center
  • Mirket Help Center
    • End User License Agreement
    • Privacy Policy
    • Mirket On Premise
      • Mirket Installation
        • Mirket MFA Installation Requirements
        • Mirket Installation Steps
      • Mirket Admin Panel
        • Dashboard
        • Admin Accounts Configuration
        • User Management
          • Local Users Configuration
          • Local Group Configuration
          • Ldap Users
          • LDAP Group Configuration
        • Rules
          • Radius Rules
            • Radius Clients
            • Radius Rules
            • Authorization Profiles
          • RDP Rules
          • OWA Rules
          • API Rules
            • API Docs
        • Providers
          • Approve / Deny
          • Mirket OTP
          • TOTP
          • SMS Providers
          • Pauth
          • Pauth or Approve/Deny
          • Bypass
        • Logging
          • Radius Logging
          • RDP Logging
          • OWA Logging
          • API Logging
        • Reports
        • Settings
          • General Settings
          • Syslog Settings
          • Notification Settings
          • License
        • Mirket Upgrade Process
      • Mirket Agents
        • Mirket RDP Agent
        • Mirket OWA Agent
      • Mirket MFA App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
        • User not found on logs even user exist
        • Global Protect authentication happened two time while using RADIUS
        • User is not withdrawn from LDAP.
        • Fortigate SSL VPN timeout
        • Provider not found error
        • How to install SSL certificate to Mirket
        • Can a Palo Alto be set up to forward client IP addresses to Mirket?
        • SMS not sent to the phone number
      • Release Notes
        • Mirket Version 4.1.2
        • Mirket Version 4.0.6
        • Mirket Version 4.0.0
        • Mirket Version 3.9.2
    • Mirket SAAS Platform
      • Mirket Gateways Installation Requirements
      • Mirket Portal
        • Dashboard
        • Administration
        • Users
          • LDAP Users
          • Local Users
        • Groups
        • External Sources
          • Active Directory
          • Entra ID (Azure AD)
        • Authentication
          • Radius Rules
          • Proxy Rules
          • OWA Rules
          • ADFS
            • ADFS Management
            • ADFS Agent
          • Custom API
          • OS Logon
            • OS Logon Management
            • OS Logon Agent
        • User Portal
          • User Portal Management
          • User Portal Login Page
          • User Portal Dashboard
        • Connector
          • Radius Gateways
          • LDAP Gateways
          • Proxy Gateways
        • SMS Providers
        • Settings
          • General Settings
          • Syslog
          • Attribute Profiles
      • Monitor
        • Audit Logs
        • Radius Logs
        • Proxy Logs
        • OWA Logs
        • User Portal
        • ADFS Logs
        • OS Logon Logs
      • Mirket Mobile App
      • Integrations
        • Array Networks SSL VPN Integration
        • Barracuda CloudGen Firewall Integration
        • Citrix Integration
        • Cisco ASA Integration
        • Cisco ISE RADIUS Integration
        • Checkpoint SSL VPN Integration
        • CyberArk Integration
        • Dell SonicWall Network Security Appliance Integration
        • Fortigate MFA for admin accounts
        • Fortigate SSL VPN Integration
        • F5 integration
        • Ivanti Pulse Secure Connect Integration
        • Palo Alto MFA for admin accounts
        • Palo Alto SSL VPN Integration
        • Sophos SSL VPN Integration
        • Watchguard SSL VPN Integration
        • Ubuntu Server 22.0.4 SSH connections
        • XLOG Integration
        • VMware Horizon 8 RADIUS Integration
      • Knowledge Base
      • Release Notes
Powered by GitBook
On this page
  • General Overview
  • Preparation Steps
  • Configuring VMware Horizon 8
  • Configure Mirket
  • Add VMware Horizon as a Resource in Mirket with Radius Gateway
  • Configuring Radius Gateway
  • User and Group configuration on Mirket
  • Add a Radius Rule to Mirket
  • Test the Integration
  1. Mirket Help Center
  2. Mirket SAAS Platform
  3. Integrations

VMware Horizon 8 RADIUS Integration

PreviousXLOG IntegrationNextKnowledge Base

Last updated 3 months ago

General Overview

This guide explains the configuration of multi-factor authentication (MFA) for VMware Horizon 8 utilizing Mirket as the identity provider. Prior configuration and deployment of VMware Horizon 8 are required before setting up MFA with Mirket.

VMware Horizon 8 firewall offers various MFA configuration modes. In this integration, we've configured RADIUS authentication with Mirket.

Preparation Steps

Before proceeding with these procedures, ensure the following:

  • You've completed the installation and configuration of the Mirket (go to Mirket Installation Steps).

  • Horizon Connection Server is connected to vCenter Server.

  • The vCenter Server directs a Virtual Machine installed with the Horizon Agent.

  • Within this setup, the Horizon Connection Server has published one or more applications accessible on the Virtual Machine with the Horizon Agent installed.

  • With a user account existing in the Active Directory domain, you can log in to the Connection Server using the Horizon Client and access published applications.

Configuring VMware Horizon 8

  • Access the Horizon Console with an administrator account.

  • Go to Settings > Servers > Connection Servers from the menu. Then choose the existing connection server.

  • Click on Edit. Select the Authentication tab. Then choose the RADIUS option from the 2-factor authentication dropdown list under the Advanced Authentication section.

  • Check the "Enforce 2-factor and Windows user name matching" and "Use the same user name and password for RADIUS and Windows authentication" checkboxes.

  • Choose the Create New Authenticator option from the Authenticator dropdown list.

  • Enter an authenticator name in the Authenticator Name field. In this instance, enter the authenticator name as "Mirket".

  • Click on Next. Input the IP address or host FQDN of the server where the Mirket is installed in the Hostname/Address field.

  • Input "1812" in the Authentication Port field. Then input "0" in the Accounting Port field.

  • Choose the "PAP" option from the Authentication Type dropdown list.

  • Input a shared secret key to communicate with the RADIUS server (Mirket Radius) in the Shared Secret field. In Mirket use this same secret key when configuring a RADIUS client resource.

  • Input "60" in the Server Timeout field. Then input "5" in the Max Attempts field.

  • Keep the remaining settings as default values.

  • Then click on Next and click on Finish to confirm settings.

  • Click on OK to confirm settings.

Configure Mirket

To enable Mirket to receive authentication requests from Horizon Connection Server, follow these steps:

  • Define Horizon Connection Server client as a RADIUS client resource within Mirket.

  • Create an authentication policy for the Horizon Connection Server RADIUS client resource or include it in an existing authentication policy.

  • Attach the Horizon Connection Server resource to the Mirket Radius.

Add VMware Horizon as a Resource in Mirket with Radius Gateway

Before starting, ensure that you have installed Mirket Radius Gateway from the Configuration > Gateway. To add a Radius Gateway to the Mirket, follow these steps:

  • Go to Configuration > Gateway and click on the Add Radius Gateway button.

  • On the displayed screen, enter a name for your Radius Gateway in the Name field.

  • Enter the SAM value of the gateway in the Sam Value field. In Mirket, user identification is done using the SAM (Security Account Manager) name. This is preferred over the standard username. This username is used for authentication and access controls.

  • Enter the IP address of the server where the gateway is installed in the Host IP Address field.

  • Enter the authentication port value you set for the gateway in the Auth Port field. The default value is 1812.

  • Enter the accounting port value you specified for the gateway in the Acc Port field. The default value is 1813. Note: After completing these fields, you must create a RADIUS client for the newly created RADIUS Gateway.

  • Click on the Add Radius Client option at the bottom of the displayed screen.

  • Enter a name for your Radius Client in the Radius Client field.

  • Enter the IP address of the client(firewall) that will communicate with the gateway in the IP Address field.

  • Enter the secret key that the client will communicate with the gateway in the Secret Key field.

  • Click on the Save button to confirm the settings.

Configuring Radius Gateway

  • After creating the Radius Gateway, click on the Download > Config from the menu on the right side of the gateway.

  • This option will generate a script related to the gateway, which will be displayed from the RADIUS Setup config file. The config file will automatically begin downloading once this option is selected.

  • Replace the existing config file in the "C:\MirketRadius" directory with the downloaded file. Alternatively, copy the displayed script and paste it into the config file in "C:\MirketRadius".

  • Then, restart the Mirket Radius Service.

You can check whether the Radius Gateway you created is active by navigating to Configuration > Gateway.

User and Group configuration on Mirket

To set up multifactor authentication, make sure you have at least one user or group in Mirket.

If it is preferred to use a local user, you can first create a local group and then create a local user and make the user a member of the group. Alternatively, you can create a local user without creating a local group.

  • Create a Local Group to add users manually.

  • Add local Mirket users manually.

If it is preferred to use LDAP users, the priority External Source is created by pulling users from Active Directory or OpenLDAP in Mirket. Note: Before proceeding, ensure that you have installed Mirket LDAP Gateway. (Refer to create LDAP Gateway.)

  • Create an External Source to include LDAP users.

  • Sync users from an external user database.

Add a Radius Rule to Mirket

Radius Rules define user access to resources and the authentication methods available (such as SMS, Approve / Deny, OTP, etc.).

First, you should follow these steps:

  • Go to Configuration > Radius Rules.

  • Click on the Add Radius Rule button.

  • On the displayed screen, enter a name for the rule in the Name field.

  • Enter the rule description in the Description field.

  • Select the Radius Client to which the rule will apply from the Radius Client dropdown list.

  • Enter the source IP addresses to which the rule will apply in the Source Adress field.

  • Select the source countries where the rule will be applied from the Source Country dropdown list.

  • Click on the Next button.

  • Specify whether the rule will be applied to a user or a group.

  • After specifying, click on the Next button.

  • Select the users or groups to which the rule will apply. Transfer your selections to the Selected Users/Groups table by clicking the arrow icon next to the Available Users/Groups table.

  • Click on the Next button.

  • Select the time period when the rule will run.

    • All: The rule will run every day.

    • Recurring: The rule will run on the specified days and times.

    • One Time: The rule will run within the date range you specify.

  • After selecting, click on the Next button.

  • Specify whether the user or group will be granted access based on the rule in the Action field.

  • Select the authentication provider to which the rule will apply from the Auth Method dropdown list.

  • Click on Save to confirm the settings.

Test the Integration

To validate the integration between Mirket MFA and your VMware Horizon 8, perform authentication using a mobile token on your mobile device. For RADIUS resources, available authentication methods include Approve/Deny authentication.

In this example, we illustrate the use of the Approve/Deny authentication method.

  • Launch VMware Horizon Client.

  • Connect to Horizon Connection Server external FQDN.

  • Enter your Mirket username and your password.

  • Input your password in the Password field.

  • Click on Login. Then, select the 'Approve' option(found in the Mirket mobile app) immediately and make sure it doesn't time out.

Related Topics

Radius Clients

Radius Rules

Local Group Configuration

Local Users Configuration

LDAP Group Configuration

LDAP Users