https://community.checkpoint.com/t5/Firewall-and-Security-Management/LDAP-with-2FA-for-admin-access/m-p/198787#M66640 <P>For access to Gaia OS, LDAP cannot be used as an authentication mechanism.<BR />Further, there is not a prompt for the second factor via RADIUS, it must be appended to the end of the password.</P> Thu, 23 Nov 2023 15:45:36 GMT PhoneBoy 2023-11-23T15:45:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/LDAP-with-2FA-for-admin-access/m-p/198739#M66639 <P>Hi.<BR /><BR />I recently got asked by customer it it is possible to login to SmartConsole and CP gateways and management server and authenticate against the LDAP server (Free IPA) and on top of that they would generate and offline 2FA token with FreeOTP.<BR /><BR />I am assuming that this can't be done. If I understand correctly Checkpoint devices only externally authenticate admin access against RADIUS and TACACS or there is the SecurID option of 2FA.<BR /><BR />Can you confirm my <SPAN>suspicion</SPAN>?<BR /><BR />R81.20 on management server / R81.10 on gateways<BR /><BR />Thanks</P> Thu, 23 Nov 2023 10:57:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/LDAP-with-2FA-for-admin-access/m-p/198739#M66639 Martin_Sykora 2023-11-23T10:57:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/LDAP-with-2FA-for-admin-access/m-p/198787#M66640 <P>For access to Gaia OS, LDAP cannot be used as an authentication mechanism.<BR />Further, there is not a prompt for the second factor via RADIUS, it must be appended to the end of the password.</P> Thu, 23 Nov 2023 15:45:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/LDAP-with-2FA-for-admin-access/m-p/198787#M66640 PhoneBoy 2023-11-23T15:45:36Z