Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

2FA segmented by user (R80.10)

When implementing 2FA with SMS gateway and AD (in R80.10), is it possible to have some users with 2FA and others not? The purpose it to have superadmins which can remotely access when there are issues with the SMS gateway.

Or the segmentation must be between AD users and local users?

Also for the purpose of testing, how can we setup only a user with 2FA (without enabling 2FA for all users)?

Tags (1)
0 Kudos
3 Replies
Highlighted
Admin
Admin

You can still have users authenticate with AD and be defined locally.

In fact, you have to do that for "exceptions" (for example, some users needing MFA, the rest not, or vice versa).

0 Kudos
Highlighted
Participant

I do this, but using Clearpass/Freeradius instead of AD directly.

It's merely a matter of response you send based on the user/pass request. Instead of ACCEPT, send a CHALLANGE when not super admin.

Br,

Thomas

0 Kudos
Highlighted

Hi Rui,

 

Did you find a way to get your test running, with only test users doing 2FA and not everyone?

 

Looking to do this myself.

 

Thank you

0 Kudos