Network/VPN/MFA

From UMIACS
Revision as of 16:20, 24 October 2022 by Mbaney (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This page outlines the steps required to enable Multi Factor Authentication (MFA) for the Pulse Secure VPN. Please note that this is mandatory as of May 10th, 2019.

Prerequisites

Configuring MFA

The Pulse VPN multi-factor authentication implementation relies on a secondary authentication source to fulfill the MFA requirement. As a result, you will be prompted for credentials twice.

  • First credential: UMIACS password
  • Second credential: Your preferred MFA verification option:
Secondary Password Value: Result
push Send a push verification to your Duo connected device.
phone Send a phone call verification to your Duo connected device.
<press YubiKey> If you have a physical YubiKey token then you would press the YubiKey for the one time password.

Please note that registering a YubiKey for use with the VPN requires the UMIACS Tech Staff to program it for you. Please contact us if you would like to register a YubiKey for this purpose. We only support registering YubiKey tokens for this purpose, no other hardware token.

Exclamation-point.png Pro-tip: Select ‘Save Settings’ on the secondary authentication prompt to have Duo automatically use your preferred method.

MFA Push Configuration Example:

  1. Connect with your existing Pulse VPN profile.
  2. Enter your UMIACS credentials for the first authentication box and tick "Save settings".
    Vpnmfa5.png
  3. Type `push` into the password field on the second authentication box, tick "Save settings", and then click Connect. You should then receive a push to your mobile device to complete authentication. This will occur every time you connect to the VPN going forward.
    Vpnmfa6.png