Meraki

Community

Google 2FA for Meraki VPN

wjlawrence
New here
‎Mar 18 2022 8:01 AM
‎Mar 18 2022 8:01 AM

Google 2FA for Meraki VPN

Got a request to use google 2FA for Meraki VPN.  I can't find any reference documents supporting this.  

 

Is it supported and is there any documentation about it?

 

Thank you in advance.

 

Bill

 

Labels:
0 Kudos
7 Replies 7
Inderdeep
Kind of a big deal
Kind of a big deal
‎Mar 18 2022 8:22 AM
‎Mar 18 2022 8:22 AM

@wjlawrence : check this out

https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
In response to Inderdeep
wjlawrence
New here
‎Mar 18 2022 8:40 AM
‎Mar 18 2022 8:40 AM

I don't see a reference to being able to use Google Authenticator for client-side VPN?

 

Any thoughts on how that would be achieved?  

 

Bill

 

0 Kudos
In response to wjlawrence
Inderdeep
Kind of a big deal
Kind of a big deal
‎Mar 18 2022 9:19 AM
‎Mar 18 2022 9:19 AM

Did you check below the additional resources in the link 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 18 2022 11:08 AM
‎Mar 18 2022 11:08 AM

Meraki doesn't support 2FA for client VPN. You will need to use a third party for that. This is an example of how to use DUO:

 

https://duo.com/docs/meraki-radius 

Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 18 2022 11:10 AM
‎Mar 18 2022 11:10 AM

You will also need to work with support to change the radius timeout for client VPN, the default is 5s which is not enough for FA. Usually, 30 seconds and above work fine.

0 Kudos
Make_IT_Simple
Meraki Alumni (Retired)
Meraki Alumni (Retired)
‎Mar 18 2022 11:11 AM
‎Mar 18 2022 11:11 AM

This doc should also help: https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication#Using...

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 18 2022 6:17 PM
‎Mar 18 2022 6:17 PM

Are you a Google GSuite customer and have Google MFA integrated into that?  If so, you may be able to use Cisco AnyConnect in SAML mode to Google GSuite.

https://documentation.meraki.com/MX/AnyConnect_on_the_MX_Appliance/Authentication 

 

Otherwise, no.  I am not aware of anything else that can use Google Authenticator.

 

I use Cisco Duo for most of my customers (with SAML ideally).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.