it's very important to me and my colleagues to get a user-friendly Push-Token (like Approve or Biometrics) method for RDS-Applications.
I already had a look into the Windows MFA Agent, but actually there are some problems, like users have to input their "domain\username" for authentication. I didn't find any solution for this problem, yet.
So today I had a look into the new Patch for Authentication Manager 8.4, as it brings a Cloud-Integration for existing Authentication Agents (integrated into AM). This generally works great, but the users in our company will get confused if they have to enter a PIN for their tokens (actually we have disabled Token-PINs).
In my opinion the authentication process should look like this:
- User opens RDS-App i.e. via RDS-Website
- On the Windows Logon-Screen:
Agent uses automatically last working Token-Method
(User optional has the choice about available Token-Methods)
- User automaticall get's Approve-Notification or enters his Token Code and is Authenticated
I think this 3 steps are like it's on MFA-Enabled "MyPage". I'm sure this solution / way of authentication is very user-friendly.
Does anyone know a way to get it working like the above mentioned steps?
Or is there any new MFA Agent in progress which will work like this?