If you plan to deploy only the onOn-demand Demand password based authentication in your user base using Deepnet T-Pass, then you will configure your Juniper in such way that it will use your DualShield Radius server as the primary authentication server.
Your DualShield server will be responsible for verifying both users’ AD password and oneOne-time Time passwords. There should be no secondary Secondary authentication servers.
Edit Logon Procedure
In the DualShield Management Administration Console, edit the logon procedure Logon Procedure for your Juniper VPN application.
You will need to define two logon steps: the Two Logon Steps: The first step requires users to enter their static password "Static Password" (AD password), which will also trigger the DualShield server Server to send the user’s on"On-demand Demand password". The second Hence the Second step will then ask prompt users to enter their on-demand password"On-Demand Password".
Configure Juniper
...
- Select "Auth Server" and select the DualShield Radius Server entry you have created, scroll down to the "Custom Radius Rules":
- Select "New Radius Rule", and populate the form below:
- Click "Save Changes"
- Use the DualShield Radius Server as the only authentication Server in the User Realm
- Set up a Role Mapping Rule
- Select "Auth Server" and select the DualShield Radius Server entry you have created, scroll down to the "Custom Radius Rules":
f. Under Signing In → Sign-in Policies create a new Signing URL:
...
- Users will be first asked to enter their user name User Name and AD password
- The user name and password will be submitted to the DualShield Server to be verified. When the DualShield has successfully verified the user and its password, it will generate an time-time password and send it to the user by SMS or email. The user will then be asked to enter the one-time password:
- Users will be first asked to enter their user name User Name and AD password