Enabling MFA Posture Check

Hi all, I’m new to OpenZiti so be kind :wink:

I have successfully set up and tested connectivity to an MS RDS Host.

I used the ZAC to create the service and policies. There are 4 policies that were created:

RDP-Server-bind-policy

RDP-Server-dial-policy

RDP-bind-policy

RDP-dial-policy

I have enabled MFA on the Ziti Desktop Edge Client and that works when I enable the service: I get prompted for MFA and am able to enter the MFA code.

I’m now trying to set up and test MFA using Posture Check but cannot get it to work.

I create a Posture check using MFA under Identities.

If I assign my MFA posture check to RDP-bind-policy I never get the RDP Host login prompt nor do I get the MFA prompt.

If I assign my MFA posture check to the other 3 policies above I can connect to the RDP Host without MFA.

Any thoughts? Thanks in advance.

Could this be related to another post I found that described a potential bug with MFA?

Hi @czopper, welcome to the community and to OpenZiti! Sorry for a slight delay in responding... We're always kind here! :slight_smile:

Oh, I wonder if we have ever tested this for bind. That's an interesting use and one I've never tested myself. I almost exclusively use posture checks and MFA on dial policies. Never bind...

I assume that is intentional, right? I'll have to test this myself...

Hi, thanks for the reply. I have tried Dial but nothing happens and my RDP connection works. When I enabled Posture Check on Bind that is when nothing happens and my RDP connection eventually times out.

FYI, I'll get to this but it might take me a bit. If I (or someone) don't reply before, say, next Tuesday, please bump this thread? :slight_smile: cheers

Thanks. No rush, when you can, thanks.