How to use Captive Portal with Two-Factor Authentication and Google Authenticator.
Since USG-Flex / VPN and ATP firmware version v5.00, you can use Two-Factor authentication with Captive Portal (2FA). These steps will guide you through the setup of the Captive Portal with Two-Factor Authentication and Google Authenticator.
• Add extra, two-step user identity verification for network access across all premises
• Adaptive Google Authenticator also works in an offline environment
For example, here, LAN2 will be used for Captive Portal with Two-Factor Authentication and Google Authenticator.
Walkthrough Steps
- Log in to the unit by entering its IP address and the credentials for an admin account.
- Go to Configuration => Web Authentication and add here LAN2 or Network that will use for 2FA with Captive Portal:
Force User Authentication and as Authentication Type choose Google Authenticator: - Go to Configuration => Object => User and add users
Enable the Two-factor Authentication.
And follow these steps: - Confirm with entering the Verification code, and the user is bind to Google Authenticator:
- Test your setup by connecting a client device to LANx / VLANx / the associated SSID. When trying to browse the web, the web browser should forward you to the web authentication portal (wired client), where you have to type in the username and password. When using a WiFi client, you should be prompted to access the web authentication portal right after entering the WiFi preshared key.
So, we can now connect our client to LAN2 of the device, and we will get to the Captive Portal:
After logging in the second factor prompt is coming up. Have a look at your Google Authenticator app and type in the second factor key: - .Success! Your client can browse the web!
- Login Users are shown as Login users:
Now your USG-Flex / VPN and ATP can let your clients authenticate more secure using Captive Portal with Two-Factor Authentication and Google Authenticator.
Comments
0 comments
Please sign in to leave a comment.