Mobile Application
This scenario occurs if the user is configured to use only the OTP and/or Push and the RADIUS client is configured to use Mobile Application OTPs and/or Mobile Application Push authentication.
The user logs in with an OTP generated by the Mobile Application or by approval of push notification generated on their Android/iOS mobile device or Android/Apple watch. Note that PIN enforcement is strongly recommended in this configuration to provide a second authentication factor.
Supported PPTP Protocols: PAP, MSCHAPv2.
Compound Authentication Enforced
This scenario occurs if the RADIUS client is configured to use Compound Authentication. This authentication method is restricted to users who are configured to use the Mobile Application OTPs.
In this scenario, a user logs into the VPN by entering their Active Directory (AD) password, in addition to an OTP generated by the Mobile Application. For example, given an AD password of 'password' and an OTP of '123456', the user types 'password123456' into the password field of their VPN client.
|
OTPs and Whitespace OTPs are displayed in the mobile application with a space between the 3rd and 4th digits to improve readability. All authentication methods except MS-CHAPv2 strip whitespace from the provided credentials, so a user may include or exclude whitespace without affecting authentication. |
