Reference Guide
Multi-Factor Authentication
MFA Configurations for VPN Services
Kron PAM MFA can be used as a 3rd party MFA server for all applications, devices, VPNs, etc. that support RADIUS authentication. Two options are available for MFA server support:
- Both the first authentication (with username and password) and the secondary authentication (with OTP) are provided via Kron PAM. To activate this feature: ā¢ Define the VPN device according to the TACACS Access Manager configuration ā¢ Enable MFA on the User Group (Navigate to Administration > 2FA Provisioning > User Group Management)
- Only a second authentication with OTP is provided via Kron PAM. To activate this feature: ā¢ Define the VPN device and the Device Group Realm with the related users in Kron PAM (See User Group Creationļ»æ and Device Managementļ»æ sections.) ā¢ Define the element type property in the VPN Device element type section:
- Navigate to Device Management > Element Type.
- Click the Options button of the desired element type and select Show Properties.
- Set the radius.auth.only.token.enabled property value as true.
Only Second Authentication with OTP
ļ»æ
ļ»æ