Is it possible to use Google Authenticator for VPN access - AD users ?

Options
radekzd
radekzd Posts: 1 image  Freshman Member
in Security

Is it possible to use Google Authenticator for VPN access (IKEv2/L2TP) when users authenticate via Active Directory ? (USG Flex 700)

Accepted Solution

  • Zyxel_Tina
    Zyxel_Tina Posts: 452 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers First Comment
    Answer ✓

    Hi @radekzd,

    Welcome to the Zyxel Community!

    Google Authenticator currently supports only local user accounts on Zyxel firewalls. When using ext-user or ext-group-user (e.g., AD), Google Authenticator-based MFA is not supported. To implement MFA for external users, please use SMS or Email-based MFA instead. This method is supported for AD/LDAP users. For configuration details, please refer to p.584 in our handbook.

    Also, please ensure that the mobile number and/or Email address is filled in your AD server so that the SMS/Email authentication codes can be delivered properly.

    Zyxel Tina

All Replies

  • Zyxel_Tina
    Zyxel_Tina Posts: 452 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers First Comment
    Answer ✓

    Hi @radekzd,

    Welcome to the Zyxel Community!

    Google Authenticator currently supports only local user accounts on Zyxel firewalls. When using ext-user or ext-group-user (e.g., AD), Google Authenticator-based MFA is not supported. To implement MFA for external users, please use SMS or Email-based MFA instead. This method is supported for AD/LDAP users. For configuration details, please refer to p.584 in our handbook.

    Also, please ensure that the mobile number and/or Email address is filled in your AD server so that the SMS/Email authentication codes can be delivered properly.

    Zyxel Tina

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)