Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support

Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support

ADSelfService Plus supports the following types of authenticators for VPN MFA:

  1. One-way authenticators

    • Push Notification Authentication

    • Fingerprint/Face ID Authentication

These authenticators are automatically applicable for all the endpoints providing RADIUS authentication.

  1. Challenge-based authenticators

    • ADSelfService Plus TOTP Authentication

    • Google Authenticator

    • Microsoft Authenticator

    • Yubico OTP (hardware key authentication)

    • SMS verification and email verification

    • Zoho OneAuth TOTP

Challenge-based authenticators are applicable only when:

    • PAP is configured for RADIUS authentication.

    • The RADIUS client (VPN or endpoint server) supports challenge-response; that is, it prompts a challenge (verification code) from the user and sends back the entered challenge.

While ADSelfService Plus provides MFA enablement for all RADIUS-based VPN providers, not all authenticators supported by the product are available in these providers. This article provides a list of popular VPN providers and other RADIUS-based clients and the authenticators supported by them. 

VPN and other RADIUS clients

Supports one-way authenticators provided in ADSelfService Plus?

Supports challenge-based authenticators provided in ADSelfService Plus?

Fortinet VPN

Yes
Yes

OpenVPN Access Server (AS)

Yes
Yes

Cisco ASA AnyConnect VPN

Yes
Yes

NetMotion Mobility VPN

Yes
No
Microsoft RDGateway
Yes
No
Microsoft Routing and Remote Access Service (RRAS)
Yes
No
Palo Alto VPN (GlobalProtect client)
Yes
Yes
WatchGuard VPN
Yes
No
Sonic Wall VPN
Yes
Yes
Pulse Secure VPN
Yes
Yes
Juniper
Yes
Yes
Checkpoint
Yes
Yes
VMWare Horizon
Yes
Yes
ForcePoint
Yes
Yes
Cisco Meraki
Yes
No
Citrix/NetScaler Gateway
Yes
No

 

Note: Status of authenticator availability may change in the future.

Disclaimer: While the VPN providers listed above have been officially tested and confirmed to support the authenticators mentioned, other VPN providers and endpoints employing RADIUS protocol for authentication can support these authenticators as well. Please contact the support team (support@adselfserviceplus.com) if you have trouble assessing whether the VPN provider used in your organization supports these authenticators.

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Configuring MFA for Cisco ASA SSL VPN using RADIUS

                      This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Adaptive Security Appliance (ASA) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for VPN ...

                    • Configuring MFA for FTD VPN using RADIUS

                      This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Firepower Threat Defense (FTD) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco FTD, ...

                    • How to enable offline MFA in ADSelfService Plus

                      ManageEngine ADSelfService Plus supports offline multi-factor authentication (MFA) for Windows machine logins, User Account Control (UAC) prompt elevation, and Remote Desktop Protocol (RDP) server authentication when the product server is ...

                    • Configuring MFA for ISE with RADIUS

                      This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Identity Services Engine (ISE) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco ISE, ...

                    • Configuring RADIUS authentication for Active Directory-based actions

                      Traditional logins to resources on an organizational network involve only a username and password. However, if all the data breaches in recent years teach us anything, it is that they are not sufficient. Multi-factor authentication (MFA) has become ...

                      Related Products