How to do Two-Factor Authentication with Active Directory Users

Background
Domain network security matters more and more for every user. If another person gets hold of your personal data through an account that has no protection, it hits both you and your company hard.
The more authentication we require before a user gets into a secured network, the better your data is protected in the end. You can follow this procedure to set up Two-Factor Authentication with
your AD server. You can then force all users to complete the additional authentication before they access your network.


Scenario and Topology
The topology and the setup steps are shown below.
1. Public IP address on the USG

[Figure: mceclip0.png]

Configuration


Step.1 Set up AD authentication in the AAA server
Go to CONFIGURATION > Object > AAA Server and click Edit to set up the AD authentication information.

[Screenshot: mceclip1.png]

Step.2 Add AD authentication to the Auth. Method
Go to Configuration > Object > Auth. Method > Authentication Method and click the “Edit” button to change the default profile.

[Screenshot: mceclip2.png]

Step.3 Enable Two-Factor Authentication on the USG
Go to Configuration > Object > Auth. Method > Two-Factor Authentication.

[Screenshot: mceclip4.png]

Step.4 Set up the SMTP settings on the USG
Go to Configuration > System > Notification > Mail Server.

[Screenshot: mceclip5.png]

Step.5 Set up the mail attribute on the AD server
Go to Start > Administrative Tools > Active Directory Users and Computers and edit the user’s E-mail field on the General tab.

[Screenshot: mceclip6.png]
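The USG can only deliver the two-factor mail to accounts whose AD mail attribute is populated, so before rolling this out it is worth checking which users are missing one. The following PowerShell script is an added example, not part of the Zyxel article: it uses the ActiveDirectory module (RSAT) to list enabled users without a mail attribute and, optionally, to fill it in. The OU path, mail domain and the sample account name are placeholders.

```powershell
# Added example (not from the Zyxel article): audit and set the AD "mail" attribute
# that the USG reads to deliver the Two-Factor Authentication mail.
# Assumes the ActiveDirectory PowerShell module (RSAT) and rights to edit the users.
Import-Module ActiveDirectory

$SearchBase = 'OU=VPN-Users,DC=example,DC=local'   # placeholder OU
$MailDomain = 'example.com'                         # placeholder mail domain

# 1) Enabled users with no mail attribute: the USG cannot send them the 2FA mail,
#    so their L2TP logins would never be authorized.
$missing = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties mail |
    Where-Object { [string]::IsNullOrWhiteSpace($_.mail) }

if ($missing.Count -eq 0) {
    Write-Host "All enabled users in $SearchBase have a mail attribute."
} else {
    Write-Host "Users without a mail attribute (2FA mail would not be delivered):"
    $missing | Select-Object SamAccountName, DistinguishedName | Format-Table -AutoSize
}

# 2) Optionally fill the attribute from the sAMAccountName. -WhatIf only reports what
#    would change; remove it once the generated addresses have been reviewed.
foreach ($user in $missing) {
    $address = '{0}@{1}' -f $user.SamAccountName, $MailDomain
    Set-ADUser -Identity $user -EmailAddress $address -WhatIf
}

# 3) Verify one account the way the USG sees it (the "mail" attribute).
#    'jdoe' is a placeholder account name.
Get-ADUser -Identity 'jdoe' -Properties mail | Select-Object SamAccountName, mail
```

Run the script on the domain controller or on a workstation with RSAT after Step 5, and re-run it whenever VPN users are added, since a new account without a mail attribute will fail the second factor without an obvious error on the USG side.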

Step.6 Set up the L2TP VPN tunnel rule on the USG (by Wizard)
Go to Configuration and click the “Setup Wizard” button to create the L2TP VPN
tunnel with the wizard.

[Screenshot: mceclip7.png]

[Screenshot: mceclip8.png]

(2) Select the VPN setting for L2TP VPN settings to create an L2TP VPN rule.

[Screenshot: mceclip9.png]

(3) Select the L2TP VPN gateway interface and the pre-shared key for your rule.

[Screenshot: mceclip10.png]

(4) Enter the L2TP pool range that will be assigned to clients after the VPN tunnel is established. (The pool range can’t overlap any interface IP subnet.)

[Screenshot: mceclip11.png]

(5) When everything is done, review the L2TP setting summary and save
the configuration.

[Screenshot: mceclip12.png]
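The wizard in sub-step (4) rejects a pool that overlaps an interface subnet, and it is easy to pick one by accident on a USG with several LAN interfaces. The following PowerShell function is an added example, not Zyxel code: it checks a proposed L2TP pool range against a list of interface subnets in CIDR notation before you commit the wizard. The interface addresses used below are constructed sample values; replace them with your USG's LAN and WAN settings.

```powershell
# Added example (not from the Zyxel article): check a proposed L2TP pool range
# against the USG interface subnets before saving the wizard.

function ConvertTo-IPv4Integer {
    # "192.168.1.1" -> 3232235777 (as Int64, to avoid Int32 sign problems)
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([int64]$b[0] -shl 24) -bor ([int64]$b[1] -shl 16) -bor ([int64]$b[2] -shl 8) -bor [int64]$b[3]
}

function Get-SubnetRange {
    # "192.168.1.1/24" -> first and last address of that subnet, as integers
    param([string]$Cidr)
    $ip, $prefix = $Cidr -split '/'
    $all  = [int64]4294967295                       # 0xFFFFFFFF as Int64 (a hex literal would be Int32 -1)
    $mask = ($all -shl (32 - [int]$prefix)) -band $all
    $net  = (ConvertTo-IPv4Integer $ip) -band $mask
    [pscustomobject]@{ Name = $Cidr; First = $net; Last = ($net -bor ($all -bxor $mask)) }
}

function Test-PoolOverlap {
    # Returns $true when the pool touches any of the given interface subnets
    param([string]$PoolStart, [string]$PoolEnd, [string[]]$InterfaceCidrs)
    $pStart = ConvertTo-IPv4Integer $PoolStart
    $pEnd   = ConvertTo-IPv4Integer $PoolEnd
    if ($pStart -gt $pEnd) { throw "Pool start $PoolStart is after pool end $PoolEnd" }
    foreach ($cidr in $InterfaceCidrs) {
        $r = Get-SubnetRange $cidr
        # Two inclusive ranges overlap when each one starts before the other ends
        if ($pStart -le $r.Last -and $r.First -le $pEnd) {
            Write-Warning "Pool $PoolStart-$PoolEnd overlaps interface subnet $cidr"
            return $true
        }
    }
    Write-Host "Pool $PoolStart-$PoolEnd does not overlap any listed interface subnet"
    return $false
}

# Constructed sample: lan1 and wan1 subnets on the USG (replace with your own)
$interfaces = @('192.168.1.1/24', '203.0.113.10/29')

# Pool taken from inside the lan1 subnet
Test-PoolOverlap -PoolStart '192.168.1.100' -PoolEnd '192.168.1.200' -InterfaceCidrs $interfaces
# Pool in a subnet of its own
Test-PoolOverlap -PoolStart '192.168.50.1'  -PoolEnd '192.168.50.50'  -InterfaceCidrs $interfaces
```

Keeping the pool in its own subnet also makes it simpler to write firewall rules that single out VPN clients, since their addresses then never collide with hosts on the LAN interface.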

Verification
After these configurations are set up on the USG and your AD server, and the client has established an L2TP VPN tunnel with an AD account, the USG sends a “Two-factor Authentication” mail to the client. Traffic will pass after the client clicks the authorize button in the mail.

[Screenshot: mceclip13.png]
