Multi-factor authentication (AD Connector) for WorkSpaces Personal
You can enable multi-factor authentication (MFA) for your AD Connector directory. For more information about using multi-factor authentication with AWS Directory Service, see Enable multi-factor authentication for AD Connector and AD Connector prerequisites.
Note
- Your RADIUS server can either be hosted by AWS or it can be on-premises.
- The usernames must match between Active Directory and your RADIUS server.
To enable multi-factor authentication
- Open the WorkSpaces console at https://console.aws.amazon.com/workspaces/.
- In the navigation pane, choose Directories.
- Select your directory and then choose Actions, Update Details.
- Expand Multi-Factor Authentication and then select Enable Multi-Factor Authentication.
- For RADIUS server IP address(es), type the IP addresses of your RADIUS server endpoints separated by commas, or type the IP address of your RADIUS server load balancer.
- For Port, type the port that your RADIUS server is using for communications. Your on-premises network must allow inbound traffic over the default RADIUS server port (UDP:1812) from AD Connector.
- For Shared secret code and Confirm shared secret code, type the shared secret code for your RADIUS server.
- For Protocol, choose the protocol for your RADIUS server.
- For Server timeout, type the time, in seconds, to wait for the RADIUS server to respond. This value must be between 1 and 50.
- For Max retries, type the number of times to attempt communication with the RADIUS server. This value must be between 0 and 10.
- Choose Update and Exit.
Multi-factor authentication is available when RADIUS status is Enabled. While multi-factor authentication is being set up, users cannot log in to their WorkSpaces.
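The following added example (not part of the AWS documentation) checks the values from the procedure above before you submit them, and returns them under the key names of the RadiusSettings structure used by the Directory Service EnableRadius API. The function name `build_radius_settings`, the sample addresses, and the sample secret are assumptions made for illustration; the protocol names are those accepted by that API.

```python
import ipaddress

# Protocol names accepted by the Directory Service RadiusSettings structure.
PROTOCOLS = {"PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2"}


def build_radius_settings(servers, port, shared_secret, protocol, timeout, retries):
    """Validate the console fields (hypothetical helper) and return a dict
    shaped like RadiusSettings. Raises ValueError listing every problem."""
    errors = []
    # The console field is a comma-separated list of IP addresses.
    addrs = [s.strip() for s in servers.split(",") if s.strip()]
    if not addrs:
        errors.append("at least one RADIUS server IP address is required")
    for addr in addrs:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            errors.append(f"not an IP address: {addr!r}")
    if not 1 <= port <= 65535:
        errors.append("port must be a valid UDP port")
    if not shared_secret:
        errors.append("shared secret code must not be empty")
    if protocol not in PROTOCOLS:
        errors.append(f"protocol must be one of {sorted(PROTOCOLS)}")
    if not 1 <= timeout <= 50:
        errors.append("server timeout must be between 1 and 50 seconds")
    if not 0 <= retries <= 10:
        errors.append("max retries must be between 0 and 10")
    if errors:
        raise ValueError("; ".join(errors))
    return {
        "RadiusServers": addrs,
        "RadiusPort": port,
        "SharedSecret": shared_secret,
        "AuthenticationProtocol": protocol,
        "RadiusTimeout": timeout,
        "RadiusRetries": retries,
    }


if __name__ == "__main__":
    # Constructed sample values; the secret is a placeholder, not a real one.
    settings = build_radius_settings(
        "10.0.0.10, 10.0.0.11", 1812, "constructed-secret", "PAP", 5, 3)
    # Never print the shared secret; redact it before logging.
    print({**settings, "SharedSecret": "<redacted>"})
```

The returned dictionary can be passed as the `RadiusSettings` argument of the boto3 `ds` client's `enable_radius` call, which may require further fields not covered by the console procedure.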