Updated on 2024-10-23 GMT+08:00

Enterprise's Authentication System

Scenario

The administrator can configure the interconnection with an enterprise's authentication system so that end users can use the system to perform the second authentication when logging in to desktops from Huawei Cloud Workspace client using accounts and passwords.

Prerequisites

  • Workspace has been subscribed to.
  • The network between the customer data center of the enterprise authentication server and the VPC has been configured by referring to Getting Started of Direct Connect or What's New of Virtual Private Network.

    A random port has been enabled on the cloud desktop to connect to the third-party service plane. If the cloud desktop is also interconnected with the Windows AD, ensure that the Windows AD port does not conflict with the port of the authentication server.

  • The following information about the enterprise authentication server has been obtained:
    • (Optional) Domain name of the authentication server
    • Authentication server IP address
    • Access key (AK) of the authentication server
    • Secret access key (SK) of the authentication server
    • SSL/TLS certificate file in PEM or CER format of the authentication server

Constraints

The emergency mode is disabled.

The emergency mode is disabled by default.

If the emergency mode is enabled, multi-factor authentication cannot be used. Enter the service ticket information, obtain the emergency mode status of the current tenant, and disable the emergency mode as required.

Procedure

  1. Log in to the console.
  2. In the navigation pane, choose Tenant Configuration > Authentication Configuration.

    The Authentication Configuration page is displayed.

  1. Click the Auxiliary Authentication tab. Under Multi-Factor Authentication Configuration, click Enable.

    Figure 1 Enabling MFA

  2. In the dialog box displayed, click OK. The page for modifying the MFA configuration is displayed.
  3. Configure parameters by referring to Table 1.

    Table 1 Parameters for interconnecting with an enterprise's authentication system

    Parameter

    Description

    Example Value

    Authentication Server

    Select Interconnected with enterprise's authentication system.

    Interconnected with enterprise's authentication system

    Access mode

    Set this parameter based on the network condition of the user's authentication server.

    • If only the public network is accessible, select Internet.
    • If only the private network is accessible, select Direct Connect.

    Internet

    Server address

    Enter the IP address of the enterprise authentication server prepared in Prerequisites.

    If Access mode is set to Internet, enter the domain name of the enterprise authentication server.

    192.168.0.0

    APP ID

    Enter the AK of the enterprise authentication server prepared in Prerequisites.

    The AK can contain a maximum of 24 characters.

    -

    APP Secret

    Enter the SK of the enterprise authentication server prepared in Prerequisites.

    The SK can contain a maximum of 128 characters.

    -

    SSL/TLS Certificate

    1. Click Certificate Upload and select the SSL/TLS certificate of the enterprise authentication server prepared in Prerequisites.
    2. Click Open.

    -

  4. Click OK.

    Use enterprise's own authentication system for authentication. End users do not need to bind devices, for details, see Logging In to a Desktop Using an SC, Logging In to a Desktop Using a TC, Logging In to a Desktop Using a Mobile Terminal.