Difference between revisions of "Network/VPN/MFA"

From UMIACS
Jump to: navigation, search
 
Line 7: Line 7:
 
The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
 
The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
  
* <b>First credential:</b> UMIACS Username & password
+
* <b>First credential:</b> UMIACS password
 
* <b>Second credential:</b> Your preferred MFA verification option:
 
* <b>Second credential:</b> Your preferred MFA verification option:
  
Line 15: Line 15:
 
|-
 
|-
 
| push
 
| push
| Send a push verification to your Duo connected device
+
| Send a push verification to your Duo connected device.
 
|-
 
|-
 
| phone
 
| phone
| Send a call verification to your Duo connected device.
+
| Send a phone call verification to your Duo connected device.
 
|-
 
|-
 
| <press YubiKey>
 
| <press YubiKey>
Line 29: Line 29:
  
 
==MFA Push Configuration Example:==
 
==MFA Push Configuration Example:==
# Connect with your existing Pulse VPN profile
+
# Connect with your existing Pulse VPN profile.
 
# Enter your UMIACS credentials for the first authentication box and tick "Save settings".
 
# Enter your UMIACS credentials for the first authentication box and tick "Save settings".
 
#: [[File:Vpnmfa5.png]]
 
#: [[File:Vpnmfa5.png]]
 
# Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
 
# Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
 
#: [[File:Vpnmfa6.png]]
 
#: [[File:Vpnmfa6.png]]

Latest revision as of 14:29, 29 July 2020

This page outlines the steps required to enable Multi Factor Authentication (MFA) for the Pulse Secure VPN. Please note that this is mandatory as of May 10th, 2019.

Prerequisites

Configuring MFA

The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.

  • First credential: UMIACS password
  • Second credential: Your preferred MFA verification option:
Secondary Password Value: Result
push Send a push verification to your Duo connected device.
phone Send a phone call verification to your Duo connected device.
<press YubiKey> If you have a physical token then you would press the YubiKey for the one time password.

Please note that registering a YubiKey for use with the VPN requires the UMIACS Tech Staff to program it for you. Please contact us if you would like to register a YubiKey for this purpose.

Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.

MFA Push Configuration Example:

  1. Connect with your existing Pulse VPN profile.
  2. Enter your UMIACS credentials for the first authentication box and tick "Save settings".
    Vpnmfa5.png
  3. Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
    Vpnmfa6.png