pwillekens
Employee

White Paper - RAS VPN with Azure and Microsoft Authenticator MFA

This guide will describe the full setup configuration of Azure MFA using the Microsoft Authenticator App in combination with an on-premises Active Directory synced with Azure Active Directory.

The scope is based on VPN remote access on premises that will be moved to Azure Cloud IaaS. The authentication is Active Directory credentials in combination with Azure MFA.

 

For the full list of White Papers, go here

(1)
11 Replies
SamiH
Contributor

After reading the paper, I think this works with local AD too, without CloudGuard or Azure AD? As it happens, I have a need to combine RADIUS MFA with Identity Awareness. Currently we are using RADIUS MFA but the identities won't match AD users even though the used email addresses are the same as in AD accounts.

0 Kudos
Jonathan
Collaborator

Hi Sami,

Did you ever manage to apply this solution with on-premises AD and without CloudGuard?

0 Kudos
SamiH
Contributor

We actually have the older MS MFA component which can no longer be downloaded. The new one uses explicitly the Azure AD sync.

It works with the old one, which syncs user information locally to our on-prem MFA/NPS/RADIUS server - which in turn talks to Azure to send the authentication verification request to the user.

0 Kudos
Jonathan
Collaborator

And do you use CloudGuard or regular on-premises VPN?

 

0 Kudos
SamiH
Contributor

Just regular on-premises VPN from Check Point gw's. I would assume it works with on-prem VPN with newer Azure MFA + AD sync to Azure, without CloudGuard still.

pwillekens
Employee

It should work on both as long as the initial RADIUS request is sent to the NPS server.

0 Kudos
pwillekens
Employee

Sorry for the delayed response. No, I didn't apply this on premises.

0 Kudos
Paul_Manalaysay
Participant

Hello, does this guide also work on Mobile Access VPN? The Portal-based one?
0 Kudos
pwillekens
Employee

Hi Paul,

I didn't set it up for Mobile Access, but it should work as the procedure is the same.
0 Kudos
Paul_Manalaysay
Participant

Thanks a lot!
0 Kudos
am
Participant

I recommend adding instructions on how to update RADIUS timeouts and retries when using MFA push notifications. 2 retries is too short.

0 Kudos
