Setup MFA in VPNs , Windows

miniOrange provides solution for using MFA in VPN. RADIUS (Remote Authentication Dial In User Service) is a networking protocol that provides client authentication, authorization, and accounting for the network. RFC standards 2865 and 2866 describe the RADIUS accounting, respectively. The RADIUS protocol is implemented by a number of servers including Free RADIUS, Steel-Belted RADIUS, etc.

An MFA server is one that protects applications and other network resources like Virtual desktop Infrastructures and Cisco VPN’s etc. We supports various authentication methods like google authenticator, one-time passcode, softtoken, push notification, hardware token, etc.

If any RADIUS server is installed (to protect the access to a network) side by side to a b authentication server (to protect the access to network resources), then it would be advantageous to integrate these two servers so that the end user can access the resources he needs by signing on once(Single Sign-on or SSO).

Configure Single Sign-On (SSO) Settings for RADIUS Apps :

1. Login as a customer from the Admin Console.
2. Go to Apps >> Manage Apps. Click Configure Apps button.
3. Click on the Radius tab.
4. You can add any VPN clients which support radius protocol to enable 2FA on VPN. Few Popular VPNs with out of the box integration are OpenVPN, Palo Alto, Pulse Secure, Cisco VPN, Fortinet, etc. You can also add the radius client app to enable 2FA on Windows/RDP/RDWeb login, etc.

5. Click on Radius Client app.

6. Enter the Client name and IP address. Also, enter the shared secret.
7. Enable the checkbox if your Radius client doesn't support CHALLENGE.

• Login as a customer from the Admin Console.
• Go to Apps >> Manage Apps.
• Search for your app and Click on edit in Action menu against your app.