- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MFA VPN SSL - FGT - LDAP or RADIUS by email
Hello,
Is it possible to setup MFA by email when authentication is by LDAP or RADIUS.
Actually, I use it when user authentication is on the FGT, but I never setup with LDAP or RADIUS.
Personnaly I made configuration with Duo Security it work well ( push)... But the customer does not want to pay for a license :( So I don't have choice to test email solution.
Thanks for your help
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
Yes its possible, you can use this article for the same:
First you need to extract the user from ldap to the firewall and enable email based authentication for that user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I know this tips, but isn't not that.
This tips work when user are declared on Fortigate, and it's working well.
But my authentification use LDAP and / or RADIUS. I have more 300 users on many domains.
So I just want to know if it's possible to use email MFA with LDAP authentification
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You always have to define the individual LDAP/RADIUS users when you want to enforce 2FA on Fortigate.
Bellow is an example of email authentication enabled for LDAP user.
config user local
edit "test_user"
set type ldap
set two-factor email
set email-to "test@example.com"
set username-sensitivity disable
set ldap-server "LDAP"
next
end
Boris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok I will test this week
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry this is old, but keep in mind that reissuing the MFA token will delete this setting. I've requested that they add a global default setting but no action yet.