VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators

Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support

ADSelfService Plus supports the following types of authenticators for VPN MFA:

  1. One-way authenticators

    • Push Notification Authentication

    • Fingerprint/Face ID Authentication

These authenticators are automatically applicable to all endpoints that provide RADIUS authentication.

  2. Challenge-based authenticators

    • ADSelfService Plus TOTP Authentication

    • Google Authenticator

    • Microsoft Authenticator

    • Yubico OTP (hardware key authentication)

    • SMS verification and email verification

    • Zoho OneAuth TOTP

Challenge-based authenticators are applicable only when:
    • PAP is configured for RADIUS authentication.

    • The RADIUS client (VPN or endpoint server) supports challenge-response; that is, it prompts the user for a challenge (verification code) and sends the entered value back.
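
Both conditions map onto the standard RADIUS exchange in RFC 2865: the server answers the first Access-Request with an Access-Challenge, and the client resends the request with the typed code in the PAP User-Password attribute and the State attribute echoed back. The Python below is an added example of that generic exchange, not ADSelfService Plus or VPN vendor code; the function names are hypothetical.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24    # RFC 2865 attribute types

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(value, secret, req_auth):
    """RFC 2865 5.2 User-Password hiding: reversible by anyone holding the secret."""
    padded = value.ljust(max(16, -(-len(value) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_reveal(hidden, secret, req_auth):  # server side: recover the typed value
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build(code, ident, auth, attrs):
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def parse(pkt):
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < len(pkt):
        alen = pkt[pos + 1] if pos + 2 <= len(pkt) else 0
        if alen < 2 or pos + alen > len(pkt):
            raise ValueError("malformed attribute")
        attrs[pkt[pos]] = pkt[pos + 2:pos + alen]
        pos += alen
    return pkt[0], pkt[1], pkt[4:20], attrs

def answer_challenge(challenge, first_req_auth, username, typed_code, secret):
    # Client side: check the Response Authenticator, then resend with code and State.
    code, ident, resp_auth, attrs = parse(challenge)
    want = hashlib.md5(challenge[:4] + first_req_auth + challenge[20:] + secret).digest()
    if code != ACCESS_CHALLENGE or not hmac.compare_digest(want, resp_auth):
        raise ValueError("not a valid Access-Challenge for this request")
    req_auth = os.urandom(16)                 # fresh Request Authenticator
    out = [(USER_NAME, username), (USER_PASSWORD, pap_hide(typed_code, secret, req_auth))]
    out += [(STATE, attrs[STATE])] if STATE in attrs else []   # echoed unmodified
    return build(ACCESS_REQUEST, (ident + 1) % 256, req_auth, out)
```

A RADIUS client that cannot process an Access-Challenge has no point in the exchange at which to prompt for the code.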

While ADSelfService Plus provides MFA enablement for all RADIUS-based VPN providers, not all authenticators supported by the product are available with these providers. This article lists popular VPN providers and other RADIUS-based clients and the authenticators they support.

| VPN and other RADIUS clients | Supports one-way authenticators provided in ADSelfService Plus? | Supports challenge-based authenticators provided in ADSelfService Plus? |
|---|---|---|
| Fortinet VPN | Yes | Yes |
| OpenVPN Access Server (AS) | Yes | Yes |
| Cisco ASA AnyConnect VPN | Yes | Yes |
| NetMotion Mobility VPN | Yes | No |
| Microsoft RDGateway | Yes | No |
| Microsoft Routing and Remote Access Service (RRAS) | Yes | No |
| Palo Alto VPN (GlobalProtect client) | Yes | Yes |
| WatchGuard VPN | Yes | No |
| SonicWall VPN | Yes | Yes |
| Pulse Secure VPN | Yes | Yes |
| Juniper | Yes | Yes |
| Check Point | Yes | Yes |
| VMware Horizon | Yes | Yes |
| Forcepoint | Yes | Yes |
| Cisco Meraki | Yes | No |
| Citrix/NetScaler Gateway | Yes | No |

 

Note: Status of authenticator availability may change in the future.

Disclaimer: While the VPN providers listed above have been officially tested and confirmed to support the authenticators mentioned, other VPN providers and endpoints employing the RADIUS protocol for authentication can support these authenticators as well. Please contact the support team (support@adselfserviceplus.com) if you have trouble assessing whether the VPN provider used in your organization supports these authenticators.