Setting Up Azure MFA (RADIUS) as Second Level Authentication Provider for Parallels RAS

0 users found this article helpful


Please note that Azure MFA Server on premises is not available for new deployments since July 1, 2019.

The below guide is a step by step configuration guide for Azure MFA which can be used as Second Level Authentication provider in Parallels RAS Environment deployed on Microsoft Azure on Infrastructure as a Service (IAAS).

Note: It is assumed that reader has a basic understanding of both Microsoft Azure and Parallels RAS. This guide will only focus on the basic configuration of Microsoft Azure MFA Server (on-premise) and configuration of Parallels Remote Application Server.

Pre-requisites and Assumptions

Document process flow

This article will take the reader through the following process to complete Azure MFA (RADIUS) configuration with Parallels RAS Second Level Authentication:

  1. Downloading and installing Azure MFA Server On-Premises
  2. Activating Azure MFA Server
  3. Configuring Azure MFA Server to support RADIUS
  4. Importing Users from Active Directory
  5. Validating configuration
  6. Configuring Parallels Remote Application Server
  7. Evaluation


Downloading and Installing Azure MFA Server On-Premises

1. Download the Azure Multi-Factor Authentication Server from the Azure portal:


2. Run the installer, wait till it install packages (MS Visual C++, etc), accept EULA and proceed with the installation.






Activating Azure MFA Server

3. Generate credentials to activate Azure MFA Server on-premises






Configuring Azure MFA Server to support RADIUS

4. MFA Server has been activated. Now need to proceed with it's configuration:




NOTE: Once done, there will be an exclamation mark asking you to enable "Require Multi-Factor Authentication user match",  please do so by clicking on Edit button and save the changes.



Importing Users From Active Directory

5. To import users, a Domain Administrator role is required.



Validating Configuration

6. To confirm that MFA Server configured properly:


Configuring Parallels Remote Application Server

7. Set up Second Level Authentication in RAS:




8. Test MFA via connecting to your Farm using Parallels Client. In case everything is correct, after inserting OTP you should see applications available for your user:



Was this article helpful?

Tell us how we can improve it.