MFA in Web GUI for first login possible?

Forum / NoMachine Terminal Server Products / MFA in Web GUI for first login possible?

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #47275
    mwdb
    Participant

    Hi,
    in the past we used a remote access solution in which it was possible for the user to create a 2fa code with the first login within the webgui.  And it was also possible to reset the 2fa within the GUI.

    Now we are trying to implement 2factor in NoMachine and it looks like we have to create 2fa first (we use google auth and with that the user has to login to the terminal to create the 2fa) and then we can login with password and 2fa in NoMachine.

    This is not really practical for remote-only users.

    Does anyone know a solution to this problem?

    Thanks in advance.

    #47326
    Britgirl
    Keymaster

    In NoMachine, MFA relies on the MFA already configured in the system and it cannot be configured directly in the NoMachine GUI.

    You submitted this topic in Terminal Server products, so that means you are using Linux (if you have a subscription please consider submitting a support enquiry in your customer area). I’m not sure whether you already followed the instructions in the article about 2FA here: https://kb.nomachine.com/AR12L00828 (see section 3.2. Example 2: use Google Authenticator and also Example 4). There’s something not clear in what you wrote. The correct steps for the end user should be:

    1) start the nomachine connection
    2) input your username and password
    3) input the Authentication code (from the google authenticator on the mobile app)

    Is this what your users are seeing?

    #47327
    mwdb
    Participant

    sorry if I have expressed myself unambiguously. Yes, we use Linux.  MFA in Linux and NoMachine works.
    To pick up on your sequence, I see it like this (at least for the first login)

    Open port 22 for ssh connection
    Force mfa creation on first login
    login with ssh and create a mfa
    logout
    than for compliance reason disable port 22

    than…

    1) start the nomachine connection

    2) input your username and password

    3) input the Authentication code (from the google authenticator on the mobile app)

     

    i attach a picture from [edited]… that can handle mfa creation in gui…

    Attachments:
    #47334
    Britgirl
    Keymaster

    Thanks for clarifying, so everything is working correctly.

    In version 9 we will be including our own built-in 2FA option in the GUI. This might be of interest to you.  To use it, users will require a NoMachine account and the NoMachine app installed in order to receive push notifications, and being logged in to new NoMachine Network service within the app. NoMachine 2FA can be used to protect your NoMachine/Network account logins as well as for approving incoming connections. As I said, it will be released in version and will be available in all products.

    #47343
    mwdb
    Participant

    Hello, I’m glad to hear that.
    Is there already an approximate release date or when the first beta might be available for testing?
    Many thanks

    Matthias

    #48068
    Britgirl
    Keymaster

    Development is in its final stages. We don’t have an official date for the release yet, but we are working hard to make it available by the end of this summer.

Viewing 6 posts - 1 through 6 (of 6 total)

This topic was marked as solved, you can't post.