Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Different Multiple Login Options for different user groups

We have seen a large increase in the use of multifactor authentication for VPN access (endpoint, not portal). However, clients are saying that they don't need MFA for all users, only for certain groups of users (VIPs, admins, etc). They're part of the same AD, but some should be required to login with MFA, others only user/pw or only certificates.

We haven't found a way to do that with Multiple Login Options. We need to use the same Account Unit (multiple Units to the same domain cause conflicts), we cannot use a different VS for different group (overkill and not feasible).
We needan option in the User Directories of the Multiple Login Options, to be a specific LDAP group, or a specific usergroup within an LDAP Account Unit.

Anyone can think of another way to do this?

Remote Access VPN Identity Awareness 

0 Kudos
5 Replies
Employee+
Employee+

Hi @Eli_Faskha ,

 

You might be able to delegate this ability to a RADIUS server to decide which factors the users needs to go through.

Adding SAML support for RA VPN clients is on our short term roadmap, and Identity Provider certainly support such option.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Highlighted
Copper

I (and I'm sure a lot of others) are very excited about the upcoming SAML support!
Highlighted

Thanks @Royi_Priov for the answer.

Looking forward to SAML for RA VPN clients (including Securemote).

The RADIUS option is not really an option, since one of the reasons for the request is to license only a subset of users to the MFA service. If the RADIUS/MFA service is involved in the authentication decision, then all users would need a license for that.

 

0 Kudos
Highlighted

do you think this feature can be added in a Jumbo on r80.30 or only after r80.40 release ?

 

thank in advance, we are waiting MFA/SAML for RA client for a long time.

 

regards

0 Kudos
Highlighted
Employee+
Employee+

Hi @Xavier_FIQUET 

I'm happy to get this feedback.

We are still in internal discussion about the availability, but it's too soon to publish anything - we will do our best.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos