Parallels RAS 19 Administrator's Guide - Multi-factor authentication

Introduction
- Parallels RAS 19 release history
- About Parallels RAS
- About this guide
- What's new
- Terms and abbreviations used in this guide
Installing Parallels RAS
- System requirements
- Install Parallels RAS
- Log in and activate Parallels RAS
Getting Started with Parallels RAS
- The Parallels RAS Console
- Set up a basic Parallels RAS Farm
Farm and Sites
- Connecting to a Parallels RAS Farm
- About Sites
- Sites in the RAS Console
- Adding a Site to the Farm
- Replicating Site settings
- Managing Licensing Site
- Managing administrator accounts
RAS Connection Broker
- Configuring RAS Connection Brokers
- Secondary Connection Brokers
- Managing Secondary Connection Brokers
- Using computer management tools
RAS Secure Gateway
- Overview
- Adding a RAS Secure Gateway
- Manually adding a RAS Secure Gateway
- Checking the RAS Secure Gateway status
- Configuring a RAS Secure Gateway
- Secure Gateway tunneling policies
- Configure logging
- Viewing Secure Gateway summary and metrics
- Using computer management tools
RD Session Hosts
- RD Session Host types
- Add an RD Session Host
  - Installing the agent manually
- Add a template-based RD Session Host
- Manage RD Session Hosts
- Planning for high availability
- Managing logons
- Using computer management tools
- Publishing from an RD Session Host
- Viewing published resources
Virtual Desktop Infrastructure (VDI)
- Supported providers
- Add a provider
- Manage VDI
- Configure logging
- Enabling high availability for VDI
- Site defaults (VDI)
- Using computer management tools
- Viewing Provider summary
- Remote PC pools
Azure Virtual Desktop
- Introduction
- Prerequisites
- Deploy Azure Virtual Desktop
- Manage Azure Virtual Desktop
- Site defaults (Azure Virtual Desktop)
  - Site defaults for single-session hosts
  - Site defaults for multi-session hosts
- Using Parallels Client with Azure Virtual Desktop
- Verify the deployment
Remote PCs
- Overview
- Adding a Remote PC to a Farm
  - Admin-initiated Remote PC enrollment
  - Self-service Remote PC enrollment
- Configuring a Remote PC
- Viewing Remote PC summary
- Using computer management tools
Publishing
- Overview
- Publishing a desktop
- Publishing an application
- Publishing an application with MSIX app attach
- Publishing a web application
- Publishing a network folder
- Publishing a document
- General management tasks
- Manage published applications
- Manage published desktops
- Manage published documents
- Manage folders
- Site defaults (Publishing)
- Using filtering rules
- Configuring preferred routing
- Understanding session prelaunch
- Checking effective access
- Specifying client settings
- Quick keypad
Session Management
- Overview
- Session information
- Monitoring settings
- Managing sessions
- The Resources tab
SSL Certificate Management
- Generating a self-signed certificate
- Generating a certificate signing request (CSR)
- Let's Encrypt certificates
  - Requesting a Let's Encrypt Certificate
  - How Parallels RAS requests certificates from Let's Encrypt
- Importing a certificate
- Exporting a certificate
- Assigning a certificate to Secure Gateways and HALBs
- Auditing certificates
- Permissions to manage certificates
- Upgrading from an older RAS version
Connection and Authentication Settings
- RAS Connection Broker connection settings
- Remote session settings
- Logon hours settings
- Restricting access by Parallels Client type and build number
- Multi-factor authentication
- Allowing users to change domain password
- Allowing users to discover RAS connections via email address
Load Balancing and HALB
- Resource based & round robin load balancing
  - Configure CPU optimization
- High availability load balancing (HALB)
RAS Multi-Tenant Architecture
- Overview
- Architecture description
  - Implementation overview
  - User connection flow
- Deploying Tenant Broker and Tenants
- Managing Tenants
- Shared Gateways
- Third-party network load balancers
- Web Client and Themes
- Monitoring Tenants
- Tenant Broker compatibility and updates
- Upgrading from an older RAS version
- Configuring notifications
- Communication ports
SAML SSO Authentication
- Introduction
- System requirements
- SAML basics
- SAML configuration
- Parallels Client configuration
- Parallels client policy configuration
- Test the SAML SSO deployment
- Error messages
Parallels Web Client and User Portal
- Configure Web Client
- Configure Themes
- Open Parallels Web Client
- Main menu options
- Running remote applications and desktops
- Auto login
- Direct App access
- Using the toolbar
Universal Printing
- Managing Universal Printing settings
- Universal Printing drivers
- Font management
Universal Scanning
- Managing Universal Scanning
- Adding scanning applications
User Device Management and Client Policies
- Inviting users to connect to Parallels RAS
- Mass configuring user devices
- Enabling Help Desk support
- Monitoring devices
  - Getting additional device information
- Windows device groups
- Managing Windows devices
  - Windows desktop replacement
- Scheduling Windows devices & groups power cycles
- Client Policies
- Configuring remote file transfer
Reporting
- System requirements
- Install Microsoft SQL Server
  - Install Microsoft SQL Server 2016 or earlier
  - Install Microsoft SQL Server 2017 or 2019
- Install Parallels RAS Reporting
- Running Parallels RAS reports
- GDPR compliance
Performance Monitor
- Overview
- Install RAS Performance Monitor
- Using Parallels RAS Performance Monitor
- Configure RAS Performance Monitor Security
- Updating RAS Performance Monitor
Common Management Tasks
- Recovery - add a root administrator
- Host name resolution
- Computer management tools
- Site information
- Site settings
- Using MSIX application packages
- Using template versions
- Settings audit
- Upgrading RAS agents
- Licensing
- Configure HTTP proxy settings
- System event notifications
- RAS session variables
- Maintenance and backup
  - Exporting and importing Farm settings from the command line
- Problem reporting and troubleshooting
- Logging
- Suggest a feature
Parallels RAS Management Portal
- Overview
- Prerequisites
- Installation
- Log in to RAS Management Portal
- Configure RAS Web Administration Service
- RAS Management Portal user interface
Parallels RAS APIs
- RAS PowerShell API
- RAS REST API
- RAS Web Client API and Parallels Client URL scheme
Appendix
- Microsoft license requirements in Parallels RAS
- Port reference
- RAS performance counters

Multi-factor authentication

Parallels RAS allows you to use multi-factor authentication for access control. When multi-factor authentication is used, users will have to authenticate through two successive stages to get the application list. While the first level will always use native authentication (Active Directory / LDAP), the second level can use one of the following solutions:

RADIUS
- Azure MFA (RADIUS)
- Duo (RADIUS)
- FortiAuthenticator (RADIUS)
- TekRADIUS
- RADIUS
TOTP
- Google Authenticator
- Microsoft Authenticator
- TOTP (Time-based one-time password)
Deepnet
SafeNet

Multi-factor authentication is more secure because instead of using a standard user name and password, it uses a static user name and a one-time password generated by a token.

Learn how to add an MFA provider in the Adding an MFA provider section.