In the Windows NPS server, where the NPS extension is going to be installed, set the Authentication settings of the Connection Request Policy to Authenticate requests on this sever.Make sure you have updated the Access URL before installing the NPS extension. The Access URL you have configured in Admin → Product Settings → Connection → Configure Access URL will be used by the NPS extension to communicate with the ADSelfService Plus server.In Active Directory, set users’ Network Access Permission to Control access through NPS Network Policy in their Dial-in properties.Note: If you are using an untrusted certificate in ADSelfService Plus to enable HTTPS, you must disable the Restrict user access when there is an invalid SSL certificate option in Configuration → Administrative Tools → GINA/Mac/Linux (Ctrl+Alt+Del) →GINA/Mac/Linux Customization → Advanced. Enable HTTPS in ADSelfService Plus ( Admin → Product Settings → Connection).For the RADIUS server, you must use a Windows server (Windows Server 2008 R2 and above) with NPS role enabled.Configure your VPN or endpoint server to use RADIUS authentication.
#Vpn guard plugin license#
Professional Edition license of ADSelfService Plus.The user is granted access to the VPN or endpoint server and establishes an encrypted tunnel to the internal network.Ĭonfiguring MFA for VPN and RADIUS-supporting endpoints Prerequisites:.If the authentication is successful, the NPS server sends a RADIUS Access-Accept message to the VPN or endpoint server.ADSelfService Plus performs the secondary authentication and sends the result to the NPS extension in the NPS server.
#Vpn guard plugin password#
If the username and password combination is correct, the NPS extension triggers a request for second-factor authentication with the ADSelfService Plus server.The server converts the request to a RADIUS Access-Request message and sends it to the NPS server where the ADSelfService Plus’ NPS extension is installed.A user tries to establish a connection by providing their username and password to the VPN or endpoint server.Once the VPN or endpoint (Microsoft RD Gateway, VMware Horizon View, etc.) server is configured to use RADIUS authentication, and the NPS extension is installed in the RADIUS server, here is how the authentication process will work: This extension facilitates communication between the NPS server and ADSelfService Plus for MFA during VPN and endpoint logins. It comes bundled with a NPS extension, which should be installed in the NPS server.
#Vpn guard plugin how to#
How to enable MFA for VPN logins and RADIUS-supported endpoint loginsĪDSelfService Plus' Endpoint MFA adds an extra step of authentication for VPN and endpoint logins that use RADIUS authentication (like Microsoft Remote Desktop Gateway and VMware Horizon View, etc.) for enhanced security.ĪDSelfService Plus requires the usage of a Windows Network Policy Server (NPS) in the VPNs and endpoints.