Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tiger_QAs
Contributor

Identity Awareness and Legacy Client Authentication portal consolidation

Hello Folks,

Our environment has both IA and Legacy authentication currently. Below are my Q's.

        1. Is it possible to do MFA (Radius) in IA ? I
                    [If answer is NO to Question-1 then our query leads to Question-2]

        2. Is it possible to consolidate both IA and Legacy portals ?


Any suggestions or recommendations are greatly appreciated!!

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

RADIUS authentication is supported for Captive Portal, yes. 

0 Kudos
Tiger_QAs
Contributor

Thanks for a quick update Welch!

Our use case is to have MFA for only external contractors, As seen in below example firewall rules, We would like to leverage IA only for "External Contractors" rule.

So Is there a way to use AD group on "External Contractors" rule and also leverage MFA without disrupting IA rule ?

IA and legacy authentication firewall rules.JPG

 

0 Kudos
PhoneBoy
Admin
Admin

The difference would be how the identities are acquired (Captive Portal versus Active Directory) and the Access Role used.
But one should not impact the other.

Tiger_QAs
Contributor

Hello Mr.PhoneBoy, Greetings!

I am trying to configure MFA using the RSA token to the Browser Based auth. Even after adding the SecureID server to my authentication setting it does not prompt me for my token when I used the Captive Portal and try browser based auth.

Is there a way to integrate MFA for Browser based authentication?

Note: I don't have remote access VPN configurations on my gateways.
0 Kudos
PhoneBoy
Admin
Admin

As far as I remember, we currently don't support a specific prompt for a second factor.
I believe you enter the password plus the second factor as a single password entry.

0 Kudos
the_rock
Authority
Authority

I implemented this for couple customers, but it can get little tricky. Say, for example, you have 500 people in your company and you want only 50 of them using Radius for MFA. Well, its not as easy as referencing that group in AD for radius auth, what we had to do is create local vpn users in dashboard and set their auth to Radius and then update the proper vpn/access role groups to allow them access. This is not sadly scalable for lots of users, but it does work. Message me privately if you want to do remote, Im happy to show you.

 

Cheers!

 

A.