Hello,
I have a customer (currently on R81 HFA44) who would like to fully realize the following scenario for the connection of his users via Harmony Endpoint (currently on E86.10):
1. RADIUS auth with MFA for users in a specific AD group (i.e. VPN_WITH MFA), WITHOUT password change from the CP Harmony Endpoint (they do it from the Azure portal)
2. users in this specific group (VPN_WITH_MFA) must NOT be able to change the authentication to LDAP in the CP Harmony Endpoint local configuration
3. LDAP auth for users in a different AD groups (i.e. VPN_USERS) but WITH change password from the CP Harmony Endpoint.
All the configuration and devices are on premise, except the users of the VPN_WITH_MFA who are on Azure and using Microsoft Authenticator through Radius.
Actually, points 1 & 3 are working, but users in the VPN_WITH_MFA group are able to bypass the MFA authentication by simply selecting the login via Username&Password in their Harmony Endpoint client.
In fact, the actual configuration is the following:
Is there a way to allow the 1 & 2 & 3 configuration at the same time?
Thank you,
Luca
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Thu 25 Apr 2024 @ 11:00 AM (CEST)
CheckMates in Russian - Возможности и риски искусственного интеллектаThu 25 Apr 2024 @ 11:00 AM (CEST)
CheckMates in Russian - Возможности и риски искусственного интеллектаThu 02 May 2024 @ 10:00 AM (CEST)
CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
