To integrate 2FA, you can enable RADIUS authentication in SonicWall and configure policies in miniOrange to enable or disable 2FA for users. You can opt for any of the 2FA methods to secure your SonicWall. MiniOrange supports multiple 2FA/MFA authentication methods for SonicWall secure access such as, Push Notification, Soft Token, Microsoft / Google Authenticator etc. What are different 2FA/MFA methods for SonicWall supported by miniOrange?
Here user submits the response/code which he receives on his hardware/phone.Now miniOrange RADIUS Server asks for a 2-factor authentication challenge to the user.Once the user's first level of authentication gets validated AD sends the confirmation to RADIUS Server.
When using two-factor authentication with the NetExtender Windows client, the login process through the client is very similar to logging in through the Web page. The following passcode can be received through email or cellphone (if SMS is configured). In this example, the M.ID server asks the user to supply two challenges. Some RADIUS servers may require the user to respond to several challenges to complete the authentication. When prompting the user to input the challenge code, the message “Please enter the M.ID PIN:” is the reply message from the RADIUS server in this example different RADIUS servers may have different reply message formats. With Web login, the Username and Password fields are used to enter the first-stage credentials. This section provides examples of the two-factor authentication login prompts when using Web login and NetExtender. Two-Factor Authentication Login Processes After verification, a RADIUS access-accept message is sent to the SRA server for authentication. The One Time Password within the authentication request is verified on the VASCO IdentiKey. VASCO IdentiKey allows users to utilize the VASCO DIGIPASS concept that uses One Time Passwords that are assigned for time segments that provide easy and secure SRA remote access. VASCO IdentiKey combined with Dell SonicWALL SRA and firewall VPN appliances creates an open-market approach delivered through VASCO IdentiKey technology. VASCO Data Security delivers reliable authentication through the use of One Time Password technology. VASCO utilizes Digipass tokens to authenticate through a VASCO IdentiKey server. VASCO is a public company that provides user authentication products. RSA is not supported on all hardware platforms and is supported via RADIUS only. RSA utilizes RSA SecurID tokens to authenticate through an RSA Authentication Manager server. RSA is an algorithm for public-key cryptography. Supported Two-Factor Authentication Providers RSA
If the PIN is correct and the token code is correct and current, the user is authenticated.īecause user authentication requires these two factors, the dual RADIUS servers solution, the RSA SecureID solution, and the VASCO DIGIPASS solution offers stronger security than traditional passwords (single-factor authentication). When the RSA or VASCO server authenticates the user, it verifies that the token code timestamp is current. The token cards display a new temporary token code every minute. Users receive the temporary token codes from their RSA or VASCO token cards. Physical tokens that the administrator gives to users which display temporary token codes.