11-02-2018 09:12 PM - edited 11-02-2018 09:13 PM
We have configured MFA using CP and using RSA as Second authen.
Under Network
Portal Authen--------------Radius
Gateway Authen ----------------Radius
Under Device
CP - Authen ---------RSA
Why we need Authen profile under Gateway??????????
should Authen profile under Portal and Gateway have to be same?????
Why we use same authen Radius on both
11-03-2018 08:13 AM
Hi @MP18
This would give you the possibility to assign different authentication profiles for portal and gateway, but as you are using the same one for both, it makes sure that users alwaya have to login with MFA (just in case the access to the portal isn't possible for whatever reason). In this situation with a not working portal the GP clients will try to connect ditectly to the gateway.
So you have now secured the access with MFA, but to make the login process for the users a little easier (so that they don't need to log in twice for establishing the connection) you should configure authentication override with a cookie lifetime of 1 minute. This way when everything works as expected a user is required to do the MFA authentication only once.
Regards,
Remo
11-03-2018 01:56 PM
The article explain the use of cookies for authentication override and the general purpose of these. The time these cookies are valid can go up to a year but if you only want to improve the user experience while maintaining a secure as possible authentication you should configure the lifetime to only 1 minute. This way the cookie can only be used for this one minute and connection attempts after this minute need to do again the full MFA authentication.
Hope this helps.
11-03-2018 08:13 AM
Hi @MP18
This would give you the possibility to assign different authentication profiles for portal and gateway, but as you are using the same one for both, it makes sure that users alwaya have to login with MFA (just in case the access to the portal isn't possible for whatever reason). In this situation with a not working portal the GP clients will try to connect ditectly to the gateway.
So you have now secured the access with MFA, but to make the login process for the users a little easier (so that they don't need to log in twice for establishing the connection) you should configure authentication override with a cookie lifetime of 1 minute. This way when everything works as expected a user is required to do the MFA authentication only once.
Regards,
Remo
11-03-2018 08:34 AM
Hi Remo,
Always good to get reply from you.
I did not understand this
should configure authentication override with a cookie lifetime of 1 minute. This way when everything works as expected a user is required to do the MFA authentication only once.
can you please explain this in more detail?
Best Regards
Mike
11-03-2018 01:56 PM
The article explain the use of cookies for authentication override and the general purpose of these. The time these cookies are valid can go up to a year but if you only want to improve the user experience while maintaining a secure as possible authentication you should configure the lifetime to only 1 minute. This way the cookie can only be used for this one minute and connection attempts after this minute need to do again the full MFA authentication.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
