Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support
ADSelfService Plus supports the following types of authenticators for VPN MFA:
One-way authenticators
These authenticators are automatically applicable for all the endpoints providing RADIUS authentication.
Challenge-based authenticators
Challenge-based authenticators are applicable only when:
While ADSelfService Plus provides MFA enablement for all RADIUS-based VPN providers, not all authenticators supported by the product are available in these providers. This article provides a list of popular VPN providers and other RADIUS-based clients and the authenticators supported by them. VPN and other RADIUS clients | Supports one-way authenticators provided in ADSelfService Plus? | Supports challenge-based authenticators provided in ADSelfService Plus? |
Fortinet VPN | Yes | Yes |
OpenVPN Access Server (AS) | Yes | Yes |
| Yes | Yes |
NetMotion Mobility VPN | Yes | No |
Microsoft RDGateway | Yes | No |
Microsoft Routing and Remote Access Service (RRAS) | Yes | No |
Palo Alto VPN (GlobalProtect client) | Yes | Yes |
WatchGuard VPN | Yes | No |
Sonic Wall VPN | Yes | Yes |
Pulse Secure VPN | Yes | Yes |
Juniper | Yes | Yes |
Checkpoint | Yes | Yes |
VMWare Horizon | Yes | Yes |
ForcePoint | Yes | Yes |
Cisco Meraki | Yes | No |
Citrix/NetScaler Gateway | Yes | No |
Note: Status of authenticator availability may change in the future.
Disclaimer: While the VPN providers listed above have been officially tested and confirmed to support the authenticators mentioned, other VPN providers and endpoints employing RADIUS protocol for authentication can support these authenticators as well. Please contact the support team (support@adselfserviceplus.com) if you have trouble assessing whether the VPN provider used in your organization supports these authenticators.
New to ADSelfService Plus?
Related Articles
Configuring MFA for Cisco ASA SSL VPN using RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Adaptive Security Appliance (ASA) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for VPN ...
Configuring MFA for FTD VPN using RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Firepower Threat Defense (FTD) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco FTD, ...
How to enable offline MFA in ADSelfService Plus
ManageEngine ADSelfService Plus supports offline multi-factor authentication (MFA) for Windows machine logins, User Account Control (UAC) prompt elevation, and Remote Desktop Protocol (RDP) server authentication when the product server is ...
Multi-factor authentication techniques in ADSelfService Plus
Let's take a look into the various authentication methods supported by ADSelfService Plus for enterprise multi-factor authentication (MFA). Why should you use MFA? Authentication based solely on usernames and passwords is no longer considered secure. ...
Configuring MFA for ISE with RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Identity Services Engine (ISE) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco ISE, ...