Automation
The Automation tab in the RADIUS Properties dialog allows you customize the OTP experience for Parallels Client users by configuring security verification methods and custom commands to be sent to a RADIUS server during the MFA login process. Different security verification methods can be assigned priority and configured to be automatically used.
With this functionality configured, users can choose their preferred security verification method from a predefined and configurable list including Push notification, Phone Callback, SMS, Email, and Custom. The methods appear as clickable icons on the OTP dialog in Parallels Client. When a user clicks an icon, a command is sent to the RADIUS server and the corresponding verification methods is used.
To configure a verification method (also called "actions" here and in the Parallels RAS Console), on the Automation tab, click Tasks > Add. In the Add Action dialog, specify the following properties:
Enable Action: Enables or disables the action.
Title: The text that will appear on the clickable icon in Parallels Client (e.g. "Push").
Command: The OTP command to be used when the action icon is clicked in Parallels Client. Consult your MFA provider for command specifications.
Description: A description that will appear on the user's screen as a balloon when the mouse pointer hovers over the action icon.
Action message: A message to show to the user in the connection progress box.
Select an image: Select an image from the provided gallery. The image is used as the action icon in the OTP dialog in Parallels Client.
When done, click OK to save the action. Repeat the steps above for other actions.
Note: You can create up to five actions. When all five are created, the Tasks > Add menu is disabled.
You can move the actions on the Automation tab up or down the list. This dictates in which order the action icons will be displayed in Parallels Client.
Autosend
There's one more option that you can configure for an action. It is called Autosend. The option can be enabled for one action only, making it a default action, which will be used automatically without user interaction.
To enable the Autosend option, select an action on the Automation tab and click Tasks > Autosend. To disable the option, click the same menu again. If you enable Autosend for a different action, it will be automatically disabled for the previous action.
There are two possible ways to make an action execute automatically in Parallels Client:
Client is receiving the action icon configuration for the first time and one of the actions has Autosend enabled.
Enabling the Remember last method used option in Policies > Session > Connection > Multifactor authentication. When the option is enabled, and Parallel Client receives the policy, the last method successfully used by the user will become the default automatic method.
Parallels Client
When the user logs in to Parallels RAS via MFA, the OTP dialog is shown in Parallels Client with the actions icons positioned above the OTP field. The user clicks an icon and the authentication is carried out according to the predefined action. For example, if the user clicks the "Push" icon, a push notification is sent to the user mobile device where they can simply tap "Approve". Or there could be a "Text me" icon, in which case a text is sent to the user mobile phone with a one-time password. If one of the actions has the Autosend option enabled, then this action is used automatically.
If a user always uses the same authentication method, they can make it the default one. To do so, the user enables the Remember last method used option in the MFA authentication section of the connection properties. Depending on the platform, the option can be found at the following locations:
Parallels Client for Windows / Linux: Connection Advanced Settings > MFA authentication
Parallels Client for Mac: Advanced > MFA authentication
Parallels Client for Chrome: Advanced Settings
Web Client: Settings
Parallels Client for iOS: Connection Settings > MFA authentication
Parallels Client for Android: Settings > MFA authentication
As was already mentioned above, the Remember last method used can also be configured in Client Policies in the RAS Console. The option is enabled by default.