In this example we have a username=smcldap which been enrolled in the Jumpcloud for google-auth. The Jumpcloud radius client has been enforced to use MFA for it's users.
User enablement for MFA is done in the Jumpcloud portal for each user
The Fortigate is done as a typical radius setup with the populate radius configuration
I 've set my nas-ip and source-ip in this example to ensure the address will be seen and matched by the cloud radius server-instance @ 18.204.0.31
The login for MFA is done in this fashion (userpassword,<OTP>) see this diag test output where my 6digit OTP is include after my password
MFA with Jump cloud is only via PAP for the obviously reason that the challenge and changing OTP would not work. So if you send anything other than PAP, the client will fail or timeout.
So here's a simple screenshot of me doing a login from a webUI. I add-on the format of the password and otp that I would insert ine "web form password input "
e.g 'mypassword,123456'
MFA is the method that we should be using to secure ssh, webgui, ipsec-dialup, and sslvpn.
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment