The only way to have SMS working is using a third-party vendor like Duo. Yea we don't want email, the uppers want phone text authentication though, SonicWALL has no intention of supporting phone from what i can tell and have asked If the employees' email account were to be compromised then the so-called "bad actor" has the ability to log into your company through VPN. Any case, using email is not a good approach for 2FA. I used the email for the 2FA and it wasn't all that reliable. The ideal situation is to use text message authentication, but that isnt supported. we are getting flack at the company for people not wanting to use an app and our desire to avoid the email requirement. I got past the issue above with a local user that actually ended up working fine. Has anyone ran into the duplicate user issue, found a way to avoid reprompts for 2fa on every connect etc? Very curious how folks are setting this up globally as well. I have no idea what was going on there, i had to disable the group setting for 2fa and turn his off too for now too and delete that "added" account.
When i looked in the user listing i saw a NEW user was created for him, like DOMAINCOM\userid vs the old imported one of just Domain\user I turned it on for the group, he went to use it, did the portal 2fa code, that worked, but when he went back to netextender it said it wasnt bound yet at all. In one case i had a user individually in the system, then his one group as well. I have ldap enabled, but not all users show up. Which way are most people setting this up globally for all users at a time? Are you using ldap, domain users and turning it on this way? Or are you painstakingly setting it up on a user by user basis? I dont see anyway around that nor any way around forcing to use an app. some users get duplicated if using groups (i think this is the issue though im unsure) no option to do phone text verification, only app prompts for phone app every time you connect
So far in the test groups i've tried, its been a little bit of a mess. We have had to impliment 2FA security with our vpn.
0 kommentar(er)
