Flex500 MFA for SSL VPN - setup Authenticator from Remote
Hello everyone,
we use a FLEX500 with latest firmware and several SSL VPN Logins for people that work at remote places. Out of security considerations we want to implement MFA (TOTP) for all remote workers but are having a hard time rolling it out without them coming to the office.
From what i read in the manual an from my experience, when setting a login to force MFA via Google Authenticator there is no way to allow that person in the remote workplace (homeoffice) to set up his/her authenticator, is that right?
I only found the solution to log in with an admin and let the user scan the QR Code with the authenticator app.
Is there any possibility to enable MFA via Authenticator for users that are far away without either 1) needing them to come to the office or 2) doing a remote teamviewer session with each and everyone?
From other products i am used to the possibility that, after the first login with MFA forced, the user can set up the Google AUthenticator himself either with a QR Code or a simple code.
Thanks in advance and best regards,
Dom
Accepted Solution
-
Hi @Gileraracer,
In the current design, the user needs to set up the Google Authenticator by scanning the QR code on the administrator portal. We will move this request to idea section for future evaluation. Thanks for your suggestion.
0
Zyxel Employee
All Replies
-
Hi @Gileraracer,
In the current design, the user needs to set up the Google Authenticator by scanning the QR code on the administrator portal. We will move this request to idea section for future evaluation. Thanks for your suggestion.
0 -
Hi and thanks for your reply.
Unfortunately, for a large number of remote workers, this is very ill-conceived. I hope the idea will be implemented.
I have now set up a test user and activated MFA. When he now logs in via SecuExtender he does not see a window where he can enter the code from the Google Authenticator. Should a window appear here? Or where does an end user enter the code?
0 -
Hi @Gileraracer,
Which type of SecuExtender are you using? Is it SSL VPN Client or IPSec VPN Client?
If you use Zyxel VPN Client to establish VPN tunnel, it will pop up authentication page on browser automatically. For SSL VPN, you have to enter correct URL on browser manually. (e.g. https://YourDeviceIP:8080)
You can find more information on page 599 in the handbook.
How to Use Two Factor with Google Authenticator for VPN Access0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
