This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rui_Pereira1
Participant
‎2019-01-15 04:14 AM

2FA segmented by user (R80.10)

When implementing 2FA with SMS gateway and AD (in R80.10), is it possible to have some users with 2FA and others not? The purpose it to have superadmins which can remotely access when there are issues with the SMS gateway.

Or the segmentation must be between AD users and local users?

Also for the purpose of testing, how can we setup only a user with 2FA (without enabling 2FA for all users)?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-01-15 06:07 AM

You can still have users authenticate with AD and be defined locally.

In fact, you have to do that for "exceptions" (for example, some users needing MFA, the rest not, or vice versa).

0 Kudos
Thomas_Andersen
Participant
‎2019-02-04 07:08 AM

I do this, but using Clearpass/Freeradius instead of AD directly.

It's merely a matter of response you send based on the user/pass request. Instead of ACCEPT, send a CHALLANGE when not super admin.

Br,

Thomas

0 Kudos
NorthernNetGuy
Advisor
‎2019-06-21 05:49 AM

Hi Rui,

 

Did you find a way to get your test running, with only test users doing 2FA and not everyone?

 

Looking to do this myself.

 

Thank you

0 Kudos