Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support
ADSelfService Plus supports the following types of authenticators for VPN MFA:
One-way authenticators
These authenticators are automatically applicable for all the endpoints providing RADIUS authentication.
Challenge-based authenticators
Challenge-based authenticators are applicable only when:
While ADSelfService Plus provides MFA enablement for all RADIUS-based VPN providers, not all authenticators supported by the product are available in these providers. This article provides a list of popular VPN providers and other RADIUS-based clients and the authenticators supported by them. VPN and other RADIUS clients | Supports one-way authenticators provided in ADSelfService Plus? | Supports challenge-based authenticators provided in ADSelfService Plus? |
Fortinet VPN | Yes | Yes |
OpenVPN Access Server (AS) | Yes | Yes |
| Yes | Yes |
NetMotion Mobility VPN | Yes | No |
Microsoft RDGateway | Yes | No |
Microsoft Routing and Remote Access Service (RRAS) | Yes | No |
Palo Alto VPN (GlobalProtect client) | Yes | Yes |
WatchGuard VPN | Yes | No |
Sonic Wall VPN | Yes | Yes |
Pulse Secure VPN | Yes | Yes |
Juniper | Yes | Yes |
Checkpoint | Yes | Yes |
VMWare Horizon | Yes | Yes |
ForcePoint | Yes | Yes |
Cisco Meraki | Yes | No |
Citrix/NetScaler Gateway | Yes | No |
Note: Status of authenticator availability may change in the future.
Disclaimer: While the VPN providers listed above have been officially tested and confirmed to support the authenticators mentioned, other VPN providers and endpoints employing RADIUS protocol for authentication can support these authenticators as well. Please contact the support team (support@adselfserviceplus.com) if you have trouble assessing whether the VPN provider used in your organization supports these authenticators.
New to ADSelfService Plus?
Related Articles
How to enable offline MFA in ADSelfService Plus
ManageEngine ADSelfService Plus supports offline multi-factor authentication (MFA) for Windows machine logins, User Account Control (UAC) prompt elevation, and Remote Desktop Protocol (RDP) server authentication when the product server is ...
How to enable Zoho OneAuth TOTP for MFA?
In enterprise networks, user identity verification is no longer carried out simply through usernames and passwords. This is because without additional authentication layers, i.e., multi-factor authentication, enterprise networks and resources become ...
How to enable multi-factor authentication for RDP
Generally, remote employees use Microsoft Remote Desktop Protocol (RDP) to connect to their work devices from an external network, using only a password to authenticate their devices. This makes RDP-based access highly vulnerable to password-based ...
Encryption and data storage in ADSelfService Plus database
Encryption in the ADSelfService Plus database ADSelfService Plus' database uses the following encryption methods to store sensitive data: Database Encryption method PostgreSQL AES-256-CBC Microsoft SQL AES-256-CBC The following sensitive information ...
Configuring high availability in ADSelfService Plus
ADSelfService Plus utilizes automatic failover to support high availability in case of system and product failures. Essentially, this means that when the ADSelfService Plus service on one machine fails, another instance of ADSelfService Plus running ...