Deploying Multi-Factor Authentication on Parallels RAS

This guide explains how to set up multi-factor authentication (MFA or 2FA) for Parallels RAS (Remote Application Server) using the Protectimus system.

When integrating Protectimus two-factor authentication with Parallels RAS, the Protectimus Cloud 2FA Service or On-Premise 2FA Platform acts as a RADIUS server through a dedicated connector called Protectimus RADIUS Server. Parallels RAS, on the other hand, functions as a RADIUS client.

Here’s how it works: the Protectimus RADIUS Server connector forwards authentication requests from Parallels RAS to the Protectimus multi-factor authentication (MFA) server. Based on the response received, access is either granted or denied.

Below, we provide an example of how to integrate Protectimus 2FA with Parallels RAS for seamless Parallels RAS MFA.

1. How to Enable Multi-Factor Authentication for Parallels RAS

You can set up multi-factor authentication (2FA) for Parallels RAS with Protectimus using the RADIUS protocol:

1. Get registered with Protectimus SAAS Service or install the On-Premise 2FA Platform and configure basic settings.
2. Install and configure Protectimus RADIUS Server.
3. Add Protectimus as RADIUS Server for Parallels Desktop.

2. Get Registered and Configure Basic Protectimus Settings

1. Register with the Protectimus Cloud Service and activate API or install the Protectimus On-Premise Platform (if you install Protectimus Platform on Windows, check the Radius box during the installation).
2. Add Resource.
3. Add Users.
4. Add Tokens or activate Users’ Self Service Portal.
5. Assign Tokens to Users.
6. Assign Tokens with Users to the Resource.

3. Install and Configure Protectimus RADIUS Server

Detailed instructions for installing and configuring the Protectimus RADIUS Server for Parallels RAS two-factor authentication using RADIUS are available in our Protectimus RADIUS Server Installation Guide for Parallels RAS MFA.

4. Add Protectimus as RADIUS Server for Parallels RAS

1. Access your Parallels RAS Application Server Console and navigate to:
   Connection —> Multi-Factor authentication —> + (plus) icon in the upper-right corner —> RADIUS —> RADIUS…
   
   
   
2. In the upcoming window, provide the following details:
   • Name: Select a name for your RADIUS server, such as Protectimus RADIUS Server.
   • Description: This field is optional and enables you to include a description for your RADIUS server if desired.
   • Themes: Ensure to choose the «Default» option.
   
   
3. Click Next and proceed to fill in the details regarding your RADIUS server. Please consult the provided image and table for reference.
   
   

   Display Name	Come up with a name for your RADIUS server.
   Primary Server	IP of server where the Protectimus RADIUS Server component is installed.
   Secondary Server	Simply leave it blank.
   HA Mode	Simply leave it blank.
   Port	Indicate 1812 (or whichever port you configured in the Protectimus radius.yml file when configuring Protectimus RADIUS Server).
   Timeout	Set to 60 seconds.
   Retries	Set to 3.
   Secret key	Indicate the shared secret you created in the Protectimus radius.yml file (radius.secret property) when configuring Protectimus RADIUS Server.
   Password encoding	Choose PAP.

   
   
   
4. All remaining options are voluntary. Click Finish and save your configuration.

Please note: Configuring MFA for Parallels RAS is unique. By default, the RADIUS MFA provider only supports the TOTP authentication method, which includes Protectimus hardware TOTP tokens or the 2FA app Protectimus SMART OTP. Enabling SMS, chatbot, or email authentication may require additional setup. If you need assistance with these authentication methods, please contact our support team.

Integration of two-factor authentication (2FA/MFA) for your Parallels RAS is now complete.

If you have other questions, contact Protectimus customer support service.