Flex500 MFA for SSL VPN - setup Authenticator from Remote
Hello everyone,
we use a FLEX500 with latest firmware and several SSL VPN Logins for people that work at remote places. Out of security considerations we want to implement MFA (TOTP) for all remote workers but are having a hard time rolling it out without them coming to the office.
From what i read in the manual an from my experience, when setting a login to force MFA via Google Authenticator there is no way to allow that person in the remote workplace (homeoffice) to set up his/her authenticator, is that right?
I only found the solution to log in with an admin and let the user scan the QR Code with the authenticator app.
Is there any possibility to enable MFA via Authenticator for users that are far away without either 1) needing them to come to the office or 2) doing a remote teamviewer session with each and everyone?
From other products i am used to the possibility that, after the first login with MFA forced, the user can set up the Google AUthenticator himself either with a QR Code or a simple code.
Thanks in advance and best regards,
Dom
Accepted Solution
-
Hi @Gileraracer,
In the current design, the user needs to set up the Google Authenticator by scanning the QR code on the administrator portal. We will move this request to idea section for future evaluation. Thanks for your suggestion.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
All Replies
-
Hi @Gileraracer,
In the current design, the user needs to set up the Google Authenticator by scanning the QR code on the administrator portal. We will move this request to idea section for future evaluation. Thanks for your suggestion.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Hi and thanks for your reply.
Unfortunately, for a large number of remote workers, this is very ill-conceived. I hope the idea will be implemented.
I have now set up a test user and activated MFA. When he now logs in via SecuExtender he does not see a window where he can enter the code from the Google Authenticator. Should a window appear here? Or where does an end user enter the code?
0 -
Hi @Gileraracer,
Which type of SecuExtender are you using? Is it SSL VPN Client or IPSec VPN Client?
If you use Zyxel VPN Client to establish VPN tunnel, it will pop up authentication page on browser automatically. For SSL VPN, you have to enter correct URL on browser manually. (e.g. https://YourDeviceIP:8080)
You can find more information on page 599 in the handbook.
How to Use Two Factor with Google Authenticator for VPN AccessSee how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
A competing solution Sop*** initially allows authentication to the portal with credentials (user/password), then allows scanning of the QR for authentication apps (e.g. Google authenticator).
The next connection to the Sop*** gui will require user and "password+token" and it will be possible to download the vpn configuration file to import into the client (multi-platform).I hope that this can also be done in the "USG Flex H" that I have already started to install!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight