https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127885#M23371 <P>As far as I remember, we currently don't support a specific prompt for a second factor.<BR />I believe you enter the password plus the second factor as a single password entry.</P> Tue, 24 Aug 2021 16:50:09 GMT PhoneBoy 2021-08-24T16:50:09Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115512#M21515 <P>Hello Folks,<BR /><BR />Our environment has both IA and Legacy authentication currently. Below are my Q's.<BR /><BR />&nbsp; &nbsp; &nbsp; &nbsp; 1. Is it possible to do MFA (Radius) in IA ? I<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [If answer is NO to Question-1 then our query leads to Question-2]</P><P>&nbsp; &nbsp; &nbsp; &nbsp; 2. Is it possible to consolidate both IA and Legacy portals ?<BR /><BR /><BR />Any suggestions or recommendations are greatly appreciated!!</P> Wed, 07 Apr 2021 15:14:56 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115512#M21515 Tiger_QAs 2021-04-07T15:14:56Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115515#M21516 <P>RADIUS authentication is supported for Captive Portal, yes.&nbsp;</P> Wed, 07 Apr 2021 15:22:47 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115515#M21516 PhoneBoy 2021-04-07T15:22:47Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115521#M21517 <P>Thanks for a quick update Welch!<BR /><BR />Our use case is to have MFA for only external contractors, As seen in below example firewall rules, We would like to leverage IA only for "External Contractors" rule.<BR /><BR />So Is there a way to use AD group on "External Contractors" rule and also leverage MFA without disrupting IA rule ?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IA and legacy authentication firewall rules.JPG" style="width: 642px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/11301iC2B2F021A3956CCE/image-dimensions/642x69?v=v2" width="642" height="69" role="button" title="IA and legacy authentication firewall rules.JPG" alt="IA and legacy authentication firewall rules.JPG" /></span></P><P>&nbsp;</P> Wed, 07 Apr 2021 16:37:42 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115521#M21517 Tiger_QAs 2021-04-07T16:37:42Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115524#M21518 <P>The difference would be how the identities are acquired (Captive Portal versus Active Directory) and the Access Role used.<BR />But one should not impact the other.</P> Wed, 07 Apr 2021 19:32:00 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/115524#M21518 PhoneBoy 2021-04-07T19:32:00Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127865#M23367 <DIV>Hello Mr.PhoneBoy, Greetings!<BR /><BR />I am trying to configure MFA using the RSA token to the Browser Based auth. Even after adding the SecureID server to my authentication setting it does not prompt me for my token when I used the Captive Portal and try browser based auth.<BR /><BR />Is there a way to integrate MFA for Browser based authentication?<BR /><BR />Note: I don't have remote access VPN configurations on my gateways.</DIV> Tue, 24 Aug 2021 14:44:46 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127865#M23367 Tiger_QAs 2021-08-24T14:44:46Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127885#M23371 <P>As far as I remember, we currently don't support a specific prompt for a second factor.<BR />I believe you enter the password plus the second factor as a single password entry.</P> Tue, 24 Aug 2021 16:50:09 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127885#M23371 PhoneBoy 2021-08-24T16:50:09Z https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127892#M23373 <P>I implemented this for couple customers, but it can get little tricky. Say, for example, you have 500 people in your company and you want only 50 of them using Radius for MFA. Well, its not as easy as referencing that group in AD for radius auth, what we had to do is create local vpn users in dashboard and set their auth to Radius and then update the proper vpn/access role groups to allow them access. This is not sadly scalable for lots of users, but it does work. Message me privately if you want to do remote, Im happy to show you.</P> <P>&nbsp;</P> <P>Cheers!</P> <P>&nbsp;</P> <P>A.</P> Tue, 24 Aug 2021 17:16:45 GMT https://community.checkpoint.com/t5/General-Topics/Identity-Awareness-and-Legacy-Client-Authentication-portal/m-p/127892#M23373 the_rock 2021-08-24T17:16:45Z