We're planning to introduce multi-factor authentication (MFA) for our remote VPN connections. Currently, users access the VPN from home, and we want to ensure that adding MFA doesn't complicate the process or disrupt established workflows. We're looking at options like RADIUS, SAML, and Azure MFA through NPS, and we'd love to hear experiences from those who have successfully implemented MFA in a production environment. What approaches worked best for you? Are there any common pitfalls to watch out for?
5 Answers
Duo has been a game-changer for us! Implementation was straightforward, and our users find it easy to navigate. Definitely recommend it if you're looking for a hassle-free integration.
If you're in the Microsoft ecosystem, SAML is a solid choice since it integrates well with conditional access and supports single sign-on (SSO) with solutions like Windows Hello.
We're using Cloudflare tunnels for our setup. It's somewhat VPN-like and uses Microsoft as the identity provider, showing the MS login page with MFA and conditional access.
It really depends on your existing setup. We're using WatchGuard AuthPoint since we have WatchGuard devices as our entry points. It supports SAML, so we've integrated it for MFA with Microsoft 365.
For me, certificate-based authentication combined with username/password is the way to go for added security and simplicity.

I agree, Duo made our lives easier too! The user experience is great.