Mandatory single use of MFA on RDM users

Hi,
Right now you can, from the RDM application where it is installed, set up an MFA solution, but any new RDM installation that connects with the same user credentials does not have MFA. What I am concerned about is that if our system somehow is compromised and someone gets access to a user's AD credentials (and that user has permission to view passwords in the RDM database), then they can just bypass the MFA by setting up a new RDM connection to the database server and get access.
What I would like to see is that an admin somehow could force users to use MFA and deny them access without MFA. Or even better, have the MFA configuration (Google or other MFA solution) stored in the database, so every time that user connects RDM to the RDM database, it will automatically prompt the user to sign in with the MFA that the user has set up.

Thanks :-)

Thomas

All Comments (3)

Hello Thomas,

MFA links with AD accounts (in the database) need an authentication server. For this Devolutions Password Server or SQL Azure are required as the database.

That said, if you use another type of advanced data source, you can always ask for an MFA under Administration -- System Settings -- Security. However, this MFA is configured locally, so the user will just need to configure a local Google Auth and will be able to connect to the database (I'm not sure this is what you are looking for).

I think the best bet for you is SQL Azure or Devolutions Password Server. However, may I ask what type of data source you are using?

Regards,

David Grandolfo

Hi David,
Thanks for your reply.
It is a local SQL 2016 server. So what you are saying is that an MFA feature integrated into the database of a local SQL server is not possible, so the best choice is to either use the Devolutions Password Server in combination with RDM (I guess that DPS functions as the RDM database online, right?).
Or look at an Azure SQL migration, where Azure SQL only forces a one-time MFA approval when the connection to the database is made. After that, you will need to set up another MFA authentication on the local RDM client (and here, from what I understand, you can't reuse MS Authenticator in RDM, as RDM does not support this MFA yet. Correct?)

Thomas

Hi Thomas,

MFA with SQL is possible; what I'm saying is that the MFA will be on the application, not on the authentication (Force 2FA option).

Adding DPS to your setup (because you still need a database behind it) will add a middleware server to manage the AD integration (or AAD). DPS is an on-prem IIS application. Many other features will be added too (MFA, AD integration, RBAC with AD groups, PAM features, password rotation, approval process, recording servers and more): https://server.devolutions.net/

For SQL Azure, we support Azure MFA on the authentication, so each time a user connects to the database (SQL Azure) he will be prompted for his MFA.

Regards,

David Grandolfo