topic DynamicID email OTP enforce in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/DynamicID-email-OTP-enforce/m-p/255708#M1707 <P>Here is what i'm trying to do.<BR /><BR /></P><P>I have configured DynamicID as second authentication factor. And it works fine. Now how to enforce it to the RA VPN users without removing username/password authentication from Properties-&gt;VPN clients-&gt;Authentication. I know removing it will leave username/pasword + OTP authentication alone and users have recreate site to use RA VPN. But I still need username/password authentication for some emergency.<BR /><BR />Or is there any suggestion in case of emergency, admins could authenticate without OTP? Any ideas can be helpful.</P><OL><LI>Enforce OTP for users</LI><LI>Leave username/password authentication</LI></OL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-08-22 113545.png" style="width: 587px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31282i2ACA8CAF7052F683/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-08-22 113545.png" alt="Screenshot 2025-08-22 113545.png" /></span></P> Fri, 22 Aug 2025 03:39:01 GMT usukhbayar_g 2025-08-22T03:39:01Z DynamicID email OTP enforce https://community.checkpoint.com/t5/SASE-and-Remote-Access/DynamicID-email-OTP-enforce/m-p/255708#M1707 <P>Here is what i'm trying to do.<BR /><BR /></P><P>I have configured DynamicID as second authentication factor. And it works fine. Now how to enforce it to the RA VPN users without removing username/password authentication from Properties-&gt;VPN clients-&gt;Authentication. I know removing it will leave username/pasword + OTP authentication alone and users have recreate site to use RA VPN. But I still need username/password authentication for some emergency.<BR /><BR />Or is there any suggestion in case of emergency, admins could authenticate without OTP? Any ideas can be helpful.</P><OL><LI>Enforce OTP for users</LI><LI>Leave username/password authentication</LI></OL><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-08-22 113545.png" style="width: 587px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31282i2ACA8CAF7052F683/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-08-22 113545.png" alt="Screenshot 2025-08-22 113545.png" /></span></P> Fri, 22 Aug 2025 03:39:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/DynamicID-email-OTP-enforce/m-p/255708#M1707 usukhbayar_g 2025-08-22T03:39:01Z Re: DynamicID email OTP enforce https://community.checkpoint.com/t5/SASE-and-Remote-Access/DynamicID-email-OTP-enforce/m-p/255768#M1708 <P>Unfortunately, there isn't a way to have different authentication factor requirements for different type of users.</P> Fri, 22 Aug 2025 22:07:03 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/DynamicID-email-OTP-enforce/m-p/255768#M1708 PhoneBoy 2025-08-22T22:07:03Z