This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Rui_Pereira1
Participant
‎2019-01-15 04:14 AM

2FA segmented by user (R80.10)

When implementing 2FA with SMS gateway and AD (in R80.10), is it possible to have some users with 2FA and others not? The purpose it to have superadmins which can remotely access when there are issues with the SMS gateway.

Or the segmentation must be between AD users and local users?

Also for the purpose of testing, how can we setup only a user with 2FA (without enabling 2FA for all users)?

0 Kudos
Reply
3 Replies
PhoneBoy
Admin
Admin
‎2019-01-15 06:07 AM

You can still have users authenticate with AD and be defined locally.

In fact, you have to do that for "exceptions" (for example, some users needing MFA, the rest not, or vice versa).

0 Kudos
Reply
Thomas_Andersen
Participant
‎2019-02-04 07:08 AM

I do this, but using Clearpass/Freeradius instead of AD directly.

It's merely a matter of response you send based on the user/pass request. Instead of ACCEPT, send a CHALLANGE when not super admin.

Br,

Thomas

0 Kudos
Reply
David_Spencer
Advisor
‎2019-06-21 05:49 AM

Hi Rui,

 

Did you find a way to get your test running, with only test users doing 2FA and not everyone?

 

Looking to do this myself.

 

Thank you

0 Kudos
Reply