Multifactor authentication (MFA) can be used to control user access to network resources, to control administrator access to the admin UI, and at sign-in. AppGate ZTNA provides a built-in time-based OTP provider and a built-in FIDO2 provider, and it supports external RADIUS MFA providers. Once MFA providers have been configured, you can use them to create user interactions in conditions, to set up MFA for admins, or to configure the onboarding mode for each identity provider (IdP).
Before you start
You will need the following information before setting up an MFA provider:
If using a RADIUS server, you will need the following:
Hostname/IP address
Port
Authentication protocol
Shared secret
Shared secret challenge
Background reading:
See the Multi-stage authorization - device trust section for information about onboarding.
For information about elevating levels of trust with user interactions, see the Multi-stage authorization - elevating trust section.
For mandating multifactor authentication for administrator access, see the MFA for Admins section.
For more in-depth information about user interactions, see the User interactions page.
To use AppGate ZTNA with different RADIUS options, see the RADIUS Providers page.
Use the MFA Providers page to:
Edit the default time-based OTP provider.
Edit the default FIDO2 provider.
Configure a new MFA provider and test connections to the provider.
NOTE: Built-in providers cannot be deleted.
When you are ready to add an MFA provider, see the Configure MFA providers section.