cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

2FA segmented by user (R80.10)

When implementing 2FA with SMS gateway and AD (in R80.10), is it possible to have some users with 2FA and others not? The purpose it to have superadmins which can remotely access when there are issues with the SMS gateway.

Or the segmentation must be between AD users and local users?

Also for the purpose of testing, how can we setup only a user with 2FA (without enabling 2FA for all users)?

Tags (1)
0 Kudos
3 Replies
Admin
Admin

Re: 2FA segmented by user (R80.10)

You can still have users authenticate with AD and be defined locally.

In fact, you have to do that for "exceptions" (for example, some users needing MFA, the rest not, or vice versa).

0 Kudos

Re: 2FA segmented by user (R80.10)

I do this, but using Clearpass/Freeradius instead of AD directly.

It's merely a matter of response you send based on the user/pass request. Instead of ACCEPT, send a CHALLANGE when not super admin.

Br,

Thomas

0 Kudos

Re: 2FA segmented by user (R80.10)

Hi Rui,

 

Did you find a way to get your test running, with only test users doing 2FA and not everyone?

 

Looking to do this myself.

 

Thank you

0 Kudos