Multi-Factor-Authentication (MFA) for DCV and EnginFrame

Multi-Factor-Authentication (MFA) is becoming more and more important to raise the security level of applications. Integration of NICE DCV and EnginFrame with MFA is easy and adds additional security.

MFA for NICE DCV

MFA typically integrates with PAM on the DCV server side in case of Linux. MFA integrations typically support

  • LDAP
  • Radius

as well as other authentication backends.

Here is the MFA authentication flow with PAM integration using an example MFA application. Other MFA applications like Microsoft Authenticator or OKTA (please see below) are supported as well:

User logs in
User receives a request to acknowledge the login request e.g. on the mobile phone
User approves the login by clicking on the green button
And gets approved and logged in

After acknowledging the MFA authorization request in the application e.g. on the mobile phone the login process is finished and the user logged in.

The same approach can be used to apply MFA to authenticate users when login into EnginFrame.

EnginFrame SSO and MFA with OKTA

The AWS team has created a guide how to integrate EnginFrame with OKTA to provide Single-Sign-On and MFA.

NICE DCV External Authentication

NICE DCV offers an external authentication mechanism which allows to e.g. verify a token which has been sent with the DCV login request and delegate the authentication to an authentication verification script.

External authentication is e.g. used with the EnginFrame Views session management integrated with DCV to provide single-sign on (SSO) for Linux VDI sessions.

You can read more about NICE DCV external authentication at: https://docs.aws.amazon.com/dcv/latest/adminguide/external-authentication.html. A sampe external authentication implementation python script can be found in the NICE DCV Linux distribution.

Let us know if you have any questions regards MFA integration via our contact form. More background on NICE DCV and NICE DCV Tips and Tricks.