Difference between revisions of "Network/VPN/MFA"

From UMIACS
Jump to navigation Jump to search
Line 1: Line 1:
 
This page outlines the steps required to enable Multi Factor Authentication (MFA) for the Pulse Secure VPN.
 
This page outlines the steps required to enable Multi Factor Authentication (MFA) for the Pulse Secure VPN.
 +
 +
{{Note| UMIACS VPN mandatory multi-factor authentication goes into effect at 8:00am on May 10th, 2019.}}
  
 
==Prerequisites==
 
==Prerequisites==
* A smart phone with the [[Duo]] mobile app downloaded.
+
* Device enrolled with [[Duo | UMIACS Duo]]
 +
 
 +
== Configuring MFA ==
 +
The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement.  As a result, you will be prompted for credentials twice.
 +
 
 +
* <b>First credential:</b> UMIACS Username & password
 +
* <b>Second credential:</b> Your preferred MFA verification option:
 +
 
 +
{|class="wikitable"
 +
!Secondary Password Value:
 +
! Result
 +
|-
 +
| push
 +
| Send a push verification to your Duo connected device
 +
|-
 +
| call
 +
| Send a call verification to your Duo connected device.
 +
|}
 +
 
 +
 
 +
{{Note|<b>Pro-tip:</b> Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically send you a push.}}
 +
 
  
==Enabling MFA Authentication==
 
# Visit https://vpn.umiacs.umd.edu/mfa and login.
 
#: [[File:Vpnmfa1.png]]
 
# Click "Start setup" to begin the Duo setup for your account. The remaining steps assume you are using a mobile phone as your other factor.
 
#: [[File:Vpnmfa2.png]]
 
# Select Mobile phone and click Continue.
 
#: [[File:Vpnmfa2pt5.png]]
 
# Enter your phone number and tick the checkbox to verify it was properly entered. Click Continue.
 
#: [[File:Vpnmfa2pt75.png]]
 
# Click either "Call me" or "Text me" and you will receive a 6-digit code for verification. Enter the code, click Verify, and click Continue.
 
#: [[File:Vpnmfa2pt75pt5.png]]
 
# Towards the end of the setup after you have verified your mobile phone, select "Automatically send this device a Duo push" and Save.
 
#: [[File:Vpnmfa3.png]]
 
  
==Setting up the VPN Profile==
+
==MFA Push Configuration Example:==
# In your Pulse Secure client on your laptop or other off-site machine, create a new profile specifying https://vpn.umiacs.umd.edu/mfa as the URL and then click Connect.
+
# Connect with your existing Pulse VPN profile
#: [[File:Vpnmfa4.png]]
 
 
# Enter your UMIACS credentials for the first authentication box and tick "Save settings".
 
# Enter your UMIACS credentials for the first authentication box and tick "Save settings".
 
#: [[File:Vpnmfa5.png]]
 
#: [[File:Vpnmfa5.png]]
 
# Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
 
# Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
 
#: [[File:Vpnmfa6.png]]
 
#: [[File:Vpnmfa6.png]]

Revision as of 13:48, 25 April 2019

This page outlines the steps required to enable Multi Factor Authentication (MFA) for the Pulse Secure VPN.

Exclamation-point.png UMIACS VPN mandatory multi-factor authentication goes into effect at 8:00am on May 10th, 2019.

Prerequisites

Configuring MFA

The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.

  • First credential: UMIACS Username & password
  • Second credential: Your preferred MFA verification option:
Secondary Password Value: Result
push Send a push verification to your Duo connected device
call Send a call verification to your Duo connected device.


Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically send you a push.


MFA Push Configuration Example:

  1. Connect with your existing Pulse VPN profile
  2. Enter your UMIACS credentials for the first authentication box and tick "Save settings".
    Vpnmfa5.png
  3. Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
    Vpnmfa6.png