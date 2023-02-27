Geekzone: technology news, blogs, forums
Is anyone using Forticlient VPN with Microsoft MFA?
Paul1977

4587 posts

Uber Geek


#303673 27-Feb-2023 10:48

I have this configured to VPN into on-prem network with Fortigate talking to RADIUS, which in turn talks to Azure. It works perfectly for push notifications to the Authenticator app, you just approve them and you're away.

 

However, it's not working if the default sign-in method for MFA is not a notification (i.e. if the user is configured to use a one-time code or text message code). If the user is set up for text message codes, they receive the text message and are prompted to enter the code into the FortiClient software, but the connection then just times out. If the user is set up to use the one-time code from the app, they are again prompted but then it just times out after entering it.

 

I have a bit of a niche case for one particular user who we need to authenticate via text message, so it would be great if anyone has this working who could point me in the right direction. Google isn't helping.

 

Thanks

Paul1977

4587 posts

Uber Geek


  #3042602 27-Feb-2023 10:56

Actually, I just found a couple of things that I missed on previous searches that might help me. I'll update if they solve the issue. But I'd still be keen to hear from anyone who might already have this working.

BarTender
3454 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3042620 27-Feb-2023 11:31

Depending on how your Radius Server and Fortigate/Forticlient all play together, it should support doing a Challenge via Radius.
But experience has shown me the best two ways to achieve corporate VPN are either pure username/password pointing to on-prem AD or bypassing MFA challenge. Or issue a user certificate to the managed device and use that to auth to VPN with the associated PIN / Smart card challenge locally and back end CRL/OCSP checking to make sure the certificate hasn't been revoked.
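Added example, not part of BarTender's post or of any vendor's code: a troubleshooting sketch for the RADIUS challenge flow mentioned above, which checks a capture-ordered list of RADIUS UDP payloads to see whether an Access-Challenge arrived, whether the follow-up Access-Request echoed its State attribute (as RFC 2865 requires), and whether the server ever answered. The function names, verdict strings and sample packets are assumptions constructed for illustration; the sample omits User-Password and uses a zeroed authenticator.

```python
import struct

REQUEST, ACCEPT, REJECT, CHALLENGE = 1, 2, 3, 11   # RFC 2865 packet codes
USER_NAME, REPLY_MESSAGE, STATE = 1, 18, 24        # RFC 2865 attribute types

def build(code, ident, attrs):
    """Encode a RADIUS packet; authenticator is zeroed (constructed sample only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse(pkt):
    """Return (code, {attr_type: [values]}), rejecting malformed lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length, _auth = struct.unpack("!BBH16s", pkt[:20])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(pkt[pos], []).append(pkt[pos + 2:pos + pkt[pos + 1]])
        pos += pkt[pos + 1]
    return code, attrs

def diagnose(packets):
    """Classify a capture-ordered RADIUS exchange for one login attempt."""
    state, challenged, answered = None, False, False
    for pkt in packets:
        code, attrs = parse(pkt)
        if code == CHALLENGE:
            challenged, answered = True, False
            state = attrs.get(STATE, [None])[0]
        elif code == REQUEST and challenged:
            if state is not None and attrs.get(STATE, [None])[0] != state:
                return "state-not-echoed"      # server cannot match the code to its session
            answered = True
        elif code in (ACCEPT, REJECT):
            return "accepted" if code == ACCEPT else "rejected"
    if not challenged:
        return "no-challenge"
    return "no-reply-to-code" if answered else "code-never-sent"

# Constructed sample: challenge arrives, client answers with State, then silence.
SAMPLE = [
    build(REQUEST, 1, [(USER_NAME, b"user@example.test")]),
    build(CHALLENGE, 1, [(REPLY_MESSAGE, b"Enter code"), (STATE, b"sess-01")]),
    build(REQUEST, 2, [(USER_NAME, b"user@example.test"), (STATE, b"sess-01")]),
]
```

A verdict of `no-reply-to-code` on a real capture points at the RADIUS server side, while `code-never-sent` or `state-not-echoed` points at the VPN gateway or client side.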






gbwelly
1171 posts

Uber Geek


  #3042769 27-Feb-2023 13:05

Paul1977:

 

I have a bit of a niche case for one particular user who we need to authenticate via text message, so it would be great if anyone has this working who could point me in the right direction. Google isn't helping.

 

Thanks

 

 

 

 

Configured this a few years ago with Azure MFA extensions for NPS. Same conclusion as you, ended up offering only App approval or phone call as MFA methods for this very reason. Not helpful I know, but at the time there was no way to get an interface prompt to enter a code. I'm not aware of this changing since, so would be interested to hear if you do crack the puzzle.

 

 






