Hi all,
We are in the process of ordering the mobile app and also the 200B physical 2FA for our SSL VPN users. I can see that I can pull the users across from LDAP and enable 2FA on there, and then as long as they are in the VPN group on LDAP this will work fine, as currently it's just a case of being in the VPN group in Active Directory and they are allowed on. My question is: as you have to enable 2FA for a user for it to work, if we don't enable it for a user but they are in the Active Directory group, will this bypass the 2FA and let them connect as normal, or is there an option to say that if they're in the group but don't use 2FA then don't allow the connection?
Hope that makes sense.
Thanks
Hi,
If a user group without 2FA assigned is in the SSL VPN authentication/portal mapping rule, then the FortiGate will allow the user to connect to the SSL VPN without a 2FA token.
Kindly refer to the document below, which explains SSL VPN authentication.
If you need to enforce that users connect to the SSL VPN with 2FA only, then configure only the users who are assigned a FortiToken and map them in the SSL VPN authentication/portal mapping rule.
Regards
Jamal
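An added example, not part of the thread and not Fortinet code: a Python audit of an exported FortiGate configuration that lists every member of a group mapped in the SSL VPN authentication rules that can authenticate without a token. The configuration excerpt and all names in it are constructed, and it assumes tokens are assigned on the FortiGate's local user entries, as described in the reply above.

```python
import shlex

# Constructed FortiOS-style excerpt; every name in it is made up for this example.
SAMPLE = """
config user local
  edit "alice"
    set two-factor fortitoken
  next
end
config user group
  edit "VPN-2FA"
    set member "alice"
  next
  edit "VPN-AD"
    set member "AD-LDAP"
  next
end
config vpn ssl settings
  config authentication-rule
    edit 1
      set groups "VPN-2FA" "VPN-AD"
    next
  end
end
"""

def parse(text):
    """Return {config path: {entry: {key: [values]}}} for set lines inside edit blocks."""
    tables, path, entries = {}, [], []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "edit":
            entries.append(tok[1])
        elif tok[0] in ("end", "next"):  # 'end' closes a config block, 'next' an edit entry
            (path if tok[0] == "end" else entries).pop()
        elif tok[0] == "set" and entries:
            tables.setdefault(tuple(path), {}).setdefault(entries[-1], {})[tok[1]] = tok[2:]
    return tables

def sslvpn_2fa_gaps(text):
    """List (group, member) pairs in SSL VPN rules that can log in without a token."""
    t = parse(text)
    users, groups = t.get(("user local",), {}), t.get(("user group",), {})
    rules = t.get(("vpn ssl settings", "authentication-rule"), {})
    return [(g, m) for r in rules.values() for g in r.get("groups", [])
            for m in groups.get(g, {}).get("member", [])
            # no local entry (e.g. an LDAP server object) or no two-factor: token not enforced
            if users.get(m, {}).get("two-factor", ["disable"])[0] == "disable"]
```

On the constructed sample, the group backed directly by the LDAP server object is reported, while the group containing only the token-assigned user is not.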