2FA authentication by EMail
Guru Member
2FA authentication by EMail on FLEX H models
allow 2FA authentication from other IP then the connecting VPN IP is from
allow 2FA authentication by WAN
Comments
-
Hi @PeterUK ,
Could you share your specific reasons for wanting to use email-based 2FA authentication on FLEX H models?
Have you considered using Google Authenticator as an alternative?
allow 2FA authentication by WAN
Could you provide more details about your requirements/ scenario?
Why do you need to enable 2FA authentication by WAN?Zyxel_Judy
0 -
One might only like email-based 2FA authentication over Google Authenticator or your not able to have Google Authenticator
At this time for my setup that a hope Kay gets round to looking at 2FA just does not work with firewall on for some reason.
So what I don't know is does 2FA page meant to work over the VPN tunnel when connected then the full connect is allowed? as that would explain some things
1 -
So another use case for Email is the remote user is a long way away and you don't want to give them admin access to the FLEX they can't scan the QR code on there phone for Google Authenticator so ok their is "Can not scan the QR code?" so you send this info by Email for them to add it manually then they have to send you the code for Verify your device on FLEX by Email which will be a pain and needs to be done in time.
1 -
Hi @PeterUK ,
Since there is a voting system in the Zyxel community, we recommend submitting only one idea per post. This makes it easier for members to track and vote on specific suggestions.
Please keep this post focused on your first idea "2FA authentication by EMail on FLEX H models". Thank you for providing the scenario and explaining your requirements for this feature. We will evaluate your request thoroughly. Please follow our Firewall News & Releases channel to stay informed about future feature implementations.
News and Release - Zyxel Community
Regarding your other issues and suggestions, Kay has already provided a response in the original post:
allow 2FA authentication from other IP then the connecting VPN IP is from
https://community.zyxel.com/en/discussion/comment/73884/#Comment_73884
allow 2FA authentication by WAN
https://community.zyxel.com/en/discussion/comment/73609/#Comment_73609
Zyxel_Judy
0 -
Another reason could be because with Ext-group-user connected to AD, you can only use 2FA mail.
1: this is also something that might be implemented with Google Authenticator, would be very nice, even if it's still on the non H models
2: Ext-group-user not supported on FLEX 200H models.
So it was already a crippled feature, now it is even more crippled with H series with lack of Ext-Group-User support.
0 -
Hi users,
Recognizing the potential usefulness of the feature as 2FA authentication by email for users, we are considering this as a potential feature.
Please follow the Firewall News & Release to know about the enhancements and new features.
Zyxel_Judy
0 -
I'm setting up now in production a FLEX200H for my own company, because Ext-Group-User works now. I can wait for 2FA for the VPN users for now.
But on my old FLEX I had 2FA through mail enabled for admin web access. I do it for all my clients like that, so I don't have to set up dozens of Google authenticator profiles on my smartphone. It seems now that feature is missing?
On old flex you could set up next to admin an emailaddres and then press send code. After that enable Admin Access through mail.
If I want to do that now I get this:
We're not there yet with the FLEX H Series. Thank god all my current cliënts are 100% moved to FLEX Series, so I'm good for some years for existing cliënts. New cliënts will be a little problem with 2FA, but it's very good that Ext-Group-User is now available.
0 -
Hello, apart from the technincal reasons well exposed by @PeterUK my personal reason is that many of the employees of my clients do not use google authenticator nor have a smartphone provided by their company and they do not want to install new apps on their personal phone while they have an email account on it
0 -
Besides, when you connect to a full tunnel VPN with 2FA with your laptop the connection is totally freezed until you make the second authentication.
This means that you have to use another device to authenticate
Usually this is the smartphone
Now with Google Authenticator the procedure is not so easy:
- open G auth
- copy the code
- open the web browser
- open the firewall web page (with the correct 2FA port
- past the code
- click authenticate
expecially point 4 is often a struggle for many end users: they have to bookmark the url in a browser, remember that they bookmarked it
The procedure from point 2 to point 6 must has to be completed within 30 seconds (Google auth code lasts 30")
while by email it is just
- open the email
- click authenticate
- click authenticate
unless there is a fast track for google authentication that i newer understood (please tell me), i think that everybody will agree that email is simpler by far🧐
0 -
Nice idea!
1
Zyxel Employee
Ally Member
Freshman MemberCategories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 183 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 449 USG FLEX H Series
- 301 Security Ideas
- 1.6K Switch
- 80 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 276 Service & License
- 434 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight
