Access Server MFA Audit
-
PQuintela
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Aug 04, 2021 4:27 pm
Access Server MFA Audit
Hi, I recently deployed Google Authenticator on my Access Server installs and aside from a few hiccups it's been working great. One of those hiccups however was that users with old profiles are able to bypass the Authenticator requirements. Is there a way for me to see if users have an Authenticator tied to their account within either the web interface or the CLI? I'd like to give users who don't have one tied to their accounts a gentle shove in the right direction
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Access Server MFA Audit
Hello PQuintela,
A 2FA bypass is a really serious thing. But I don't think that's what's actually happening here.
Can you verify that you are NOT using the 'openvpn' bootstrap account,
and that you have enabled Google Authenticator,
and that you restarted your Access Server(s) so the new setting is applied,
and that the 'old accounts' are not using autologin type profiles?
Kind regards,
Johan
A 2FA bypass is a really serious thing. But I don't think that's what's actually happening here.
Can you verify that you are NOT using the 'openvpn' bootstrap account,
and that you have enabled Google Authenticator,
and that you restarted your Access Server(s) so the new setting is applied,
and that the 'old accounts' are not using autologin type profiles?
Kind regards,
Johan
OpenVPN Inc.Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support