Who rated this post

Hello,

I am facing an issue after implementing 2MFA with IDP in RA VPN on Windows with SDL enabled.

Before implementing the second authentication factor, login with SDL worked perfectly, however after implementing 2MFA it is not possible to connect to the VPN because the client makes a redirect to open a kind of plugin and start the IDP screen, that's where it happens the error, for some reason it does not open 2mfa directly on the client screen, it has to consult this plugin first and in my opinion the error occurs because it is not possible to consult the plugin because it is not yet logged into Windows.

If I log on to the machine and try to connect to the VPN, the operation occurs successfully and the 2nd factor opens the screen in the client itself without any problem, however this is the perception that I would like to have in SDL before logging into Windows and I am not having it .

I tried to use the SK https://support.checkpoint.com/results/sk/sk180395 to make some adjustments to the client, but without success, IDP_BROWSER was already enabled as embedded in the client itself, but I think there is some validation operation that it confirms with a third party for it to work, outside the client.

Is it possible for SDL to work with 2MFA with IDPs like Azure, Cisco DUO and others?