Multi-Factor-Authentication (MFA) is becoming more and more important to raise the security level of applications. Integration of NICE DCV and EnginFrame with MFA is easy and adds additional security.
MFA for NICE DCV
MFA typically integrates with PAM on the DCV server side in case of Linux. MFA integrations typically support
as well as other authentication backends.
Here is the MFA authentication flow with PAM integration using an example MFA application. Other MFA applications like Microsoft Authenticator or OKTA (please see below) are supported as well:
After acknowledging the MFA authorization request in the application e.g. on the mobile phone the login process is finished and the user logged in.
The same approach can be used to apply MFA to authenticate users when login into EnginFrame.
EnginFrame SSO and MFA with OKTA
The AWS team has created a guide how to integrate EnginFrame with OKTA to provide Single-Sign-On and MFA.
NICE DCV External Authentication
NICE DCV offers an external authentication mechanism which allows to e.g. verify a token which has been sent with the DCV login request and delegate the authentication to an authentication verification script.
External authentication is e.g. used with the EnginFrame Views session management integrated with DCV to provide single-sign on (SSO) for Linux VDI sessions.
You can read more about NICE DCV external authentication at: https://docs.aws.amazon.com/dcv/latest/adminguide/external-authentication.html. A sampe external authentication implementation python script can be found in the NICE DCV Linux distribution.