Using my Client VPN, can I integrate Google Authenticator as a 2FA

Solved
D2Flores
Here to help

Using my Client VPN, can I integrate Google Authenticator as a 2FA

Hi,

 

For our Client VPN, we are checking the possibility of integrating Google or Microsoft Authenticator as a 2FA. Do we have any other options aside from Duo?

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

If you use Microsoft NPS with the NPS extension then you can use Microsoft MFA.  It's a lot of messing about.  It has poor logging and diagnostics.  It tends to break about once a year and you have to randomly do things (because of a lack of logs and diagnostics) to get it going again.  If you have access to free labour then this is an attractive option.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension 

 

Cisco Duo requires that you install the authentication proxy which provides RADIUS, and can back directly into Active Directory.  It has lots of logs so you can see what's happening.  You'll probably have it going in 30 minutes (once you have all your users enrolled), and never need to touch it again.

https://duo.com/docs/meraki-radius 

 

 

Note that both solutions require you to use "push" notifications, so the users must install the relevant app on the mobile device.

View solution in original post

2 Replies 2
Inderdeep
Kind of a big deal
Kind of a big deal

@D2Flores : check this article and scroll down at the end you will see google there 

https://documentation.meraki.com/General_Administration/Other_Topics/Two-Factor_Authentication

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal
Kind of a big deal

If you use Microsoft NPS with the NPS extension then you can use Microsoft MFA.  It's a lot of messing about.  It has poor logging and diagnostics.  It tends to break about once a year and you have to randomly do things (because of a lack of logs and diagnostics) to get it going again.  If you have access to free labour then this is an attractive option.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension 

 

Cisco Duo requires that you install the authentication proxy which provides RADIUS, and can back directly into Active Directory.  It has lots of logs so you can see what's happening.  You'll probably have it going in 30 minutes (once you have all your users enrolled), and never need to touch it again.

https://duo.com/docs/meraki-radius 

 

 

Note that both solutions require you to use "push" notifications, so the users must install the relevant app on the mobile device.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels