Meraki

Community

Using my Client VPN, can I integrate Google Authenticator as a 2FA

Solved
D2Flores
Here to help
‎Sep 30 2021 3:37 AM
‎Sep 30 2021 3:37 AM

Using my Client VPN, can I integrate Google Authenticator as a 2FA

Hi,

 

For our Client VPN, we are checking the possibility of integrating Google or Microsoft Authenticator as a 2FA. Do we have any other options aside from Duo?

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 30 2021 1:44 PM
‎Sep 30 2021 1:44 PM

If you use Microsoft NPS with the NPS extension then you can use Microsoft MFA.  It's a lot of messing about.  It has poor logging and diagnostics.  It tends to break about once a year and you have to randomly do things (because of a lack of logs and diagnostics) to get it going again.  If you have access to free labour then this is an attractive option.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension 

 

Cisco Duo requires that you install the authentication proxy which provides RADIUS, and can back directly into Active Directory.  It has lots of logs so you can see what's happening.  You'll probably have it going in 30 minutes (once you have all your users enrolled), and never need to touch it again.

https://duo.com/docs/meraki-radius 

 

 

Note that both solutions require you to use "push" notifications, so the users must install the relevant app on the mobile device.

View solution in original post

2 Replies 2
Inderdeep
Kind of a big deal
‎Sep 30 2021 6:47 AM
‎Sep 30 2021 6:47 AM

@D2Flores : check this article and scroll down at the end you will see google there 

https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication

Personal Blogs https://www.thenetworkdna.com/
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 30 2021 1:44 PM
‎Sep 30 2021 1:44 PM

If you use Microsoft NPS with the NPS extension then you can use Microsoft MFA.  It's a lot of messing about.  It has poor logging and diagnostics.  It tends to break about once a year and you have to randomly do things (because of a lack of logs and diagnostics) to get it going again.  If you have access to free labour then this is an attractive option.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension 

 

Cisco Duo requires that you install the authentication proxy which provides RADIUS, and can back directly into Active Directory.  It has lots of logs so you can see what's happening.  You'll probably have it going in 30 minutes (once you have all your users enrolled), and never need to touch it again.

https://duo.com/docs/meraki-radius 

 

 

Note that both solutions require you to use "push" notifications, so the users must install the relevant app on the mobile device.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.