Amazon WorkSpaces is a fully managed desktop computing service in the cloud. You can easily provision and manage cloud-based desktops that can be accessed from laptops, iPads, Kindle Fire, and Android tablets. If you are using the AD Connector, you can use your on-premises WiKID server to provide two-factor authentication to your users. Many organizations like the simplicity of using a service like Workspaces while maintaining controls to the keys to the kingdom at home. This setup allows that level of control.
Addng two-factor authentication to WorkSpaces is fairly simple:
1. Open the Amazon WorkSpaces console.
2. Choose Directories in the navigation pane.
3. Chose Update.
4. Check 'Enable Multi-factor Authentication'.
5. Enter the IP address of your WiKID server (or NPS if you are using it) under RADIUS server IP.
6. Set the port as 1812.
7. Enter the shared secret. This is the same shared secret using on the WiKIDAdmin Network Client setup.
8. Set the protocol to PAP. Set the server time out (20 secs) and max retries (default).