Multi-factor authentication can be used for controlling user access to network resources, administrator access to the Admin UI, and at sign-in. Appgate SDP provides: a built-in Time-Based OTP Provider (that works with most authenticator apps), a built in FIDO2 provider and supports the use of external RADIUS MFA providers. Once MFA Providers have been configured, you can use them for creating user interactions in Conditions, MFA for Admins, or configuring the on-boarding mode for each Identity Provider.
Before you start
Information you will need:
RADIUS server hostname/IP address, port, authentication protocol, shared secret, shared secret challenge
Background reading:
On-boarding (at authentication time), refer to Multi-stage authorization - device trust
Elevating levels of trust with user interactions, refer to Multi-stage authorization - elevating trust
Mandating multi-factor authentication for administrator access, refer to MFA for Admins
Understanding user interactions in more depth refer to user interactions
Using Appgate SDP with different RADIUS options refer to: RADIUS Providers
Use the MFA Providers form to:
Configure a new MFA provider and test connections to the provider
NOTE:
Built-in providers cannot be deleted