• Alex

How-To: Extend Workspace ONE Access MFA capabilities with eMail, OATH, ... using SMS2 and RADIUS

Let's start with "Why"

A couple of weeks ago I was faced with a challenge: external suppliers and support personnel were only able to perform MFA using eMail, as the employees neither had corporate mobile phones for modern (Verify, DUO) or old-school (text-message) authentication nor owned an identity provider (AzureAD, Okta, etc.) which I could federate against.


Workspace ONE Access (WS1A) already supports a huge number of authentication providers, but there are still some which are not covered natively by a built-in provider. Luckily, WS1A does support RADIUS, which gives us the ability to extend the "skill-set" even further.


There is a free Microsoft Network Policy Server (aka RADIUS on Windows) extension called SMS2 (Download & Documentation: https://www.wrightccs.com)

This extension adds eMail, OATH (both HOTP and TOTP), SMS Gateway, PIN/TAN and other methods to RADIUS and therefore to Workspace ONE Access. I have been using SMS2 for over 5 years now without major issues, and the best thing: it's free!


Setup and Configure

In this blog post I will focus on eMail as the second factor of authentication, but feel free to use any of the other SMS2 methods as well.


Requirements:

Install all above components and make sure they can communicate.


Coming soon


I will update this blog post soon; I wanted to share the idea/solution with the community. I will go through all the configuration steps in detail with screenshots.



© 2020 by Alexander Askin