Reference Guide
Multi-Factor Authentication

MFA Configurations for VPN Services

1min

Single Connect MFA can be used as a 3rd party MFA server for all applications, devices, VPNs, etc. that support RADIUS authentication. Two options are available for MFA server support:

  1. Both the first authentication (with username and password) and the secondary authentication (with OTP) are provided via Single Connect. To activate this feature: • Define the VPN device according to the TACACS Access Manager configuration • Enable MFA on the User Group (Navigate to Administration > 2FA Provisioning > User Group Management)
  2. Only second authentication with OTP is provided via Single Connect. To activate this feature: • Define the VPN device and the Device Group Realm with the related users in Single Connect (See User Group Creation and Device Management sections.) • Define the element type property in the VPN Device element type section:
  3. Navigate to Device Management > Element Type.
  4. Click the Options button of the desired element type and select Show Properties.
  5. Set the radius.auth.only.token.enabled property value as true.
Only Second Authentication with OTP
Only Second Authentication with OTP