In addition to Citrix now supporting Radius, GoToMyPC corporate supports radius now. This document describes how to add support for WiKID two-factor authentication to GoToMyPC Corporate.
First, configure the Microsoft Radius server IAS to use WiKID for two-factor authentication.
Second, enable radius on the Go-To-MyPC Corporate server. Login as Administrator on the server and:
- Select the Manage Groups link in the left navigation bar.
- Select the name of the group or sub-group to get two-factor authentication.
- On the Group Administration window for the two-factor group, click the link for Authentication Method under Group Settings. The Authentication Method window will appear.
- Select the "RADIUS is required" option the "Show RADIUS configuration in GoToMyPC preferences" check box.
- Click the Save Settings button.
Now, each Host PC needs to be configured for Radius.
- Right-click the GoToMyPC system tray icon and choose Preferences.
- In the Preferences window, click the Authentication tab.
- Select the Configure RADIUS button.
- Enter the IP address of the IAS server under Radius server and click Add.
- Enter the Username. If you used our scripts to automate the initial validation of AD users, this will be their AD username.
- For the Encryption Key, enter the shared secret as created on the WiKID server.
Now each Host PC needs to be configured as a client to the IAS radius server:
- Select Administrative Tools > Internet Authentication Service, and right click RADIUS Clients.
- Select New RADIUS Client.
- Under Friendly Name enter a name for the Host PC.
- Enter either the fully qualified domain name or the IP address of host PC as Client Address.
- Select Next
- Under Client Vendor list, select RADIUS Standard (default).
- Enter a Shared Secret in the Shared Secret field - the same as you entered in the Host PC.
- Click Finish.
- Under the Ports tab, check to make sure IAS is using port 1812.
Now, you need to uncheck the option to "Show RADIUS configuration in GoToMyPC preferences". If you do not do this, the user can simply turn off two-factor authentication!. Therefore this is an important step!.
Product names used within are trademarks of their respective owners.