View Source

If you plan to deploy only the One-time password based authentication in your user base using OTP tokens such as Deepnet SafeID, MobileID, then you will configure your Juniper VPN in such way that it will use your AD as the primary authentication server and your DualShield as the secondary authentication server.
Your AD will be responsible for verifying users’ AD passwords and your DualShield will be responsible for verifying users’ one-time passwords only.

Edit Logon Procedure

In the DualShield Administration Console, edit the Logon Procedure for your Juniper VPN Application. You will only require One Logon Step, typically “One-Time Password” as the authentication method:

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > image-2024-11-29_9-57-9.png

Configure Juniper VPN

Under Authentication Servers set up an LDAP authentication server:

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > image2019-12-5_11-36-11.png

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > image2019-12-5_11-38-31.png

2. Edit User Authentication Realm

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > Radius Configuration.png

Set LDAP as the first authentication server and DualShield Radius as the Second authentication server.

3. Define the Role Mapping, e.g.

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > image2019-12-5_12-13-45.png

3. Under Signing In → Sign-in Policies create a new Signing URL:

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > Radius Configuration 3.png

Test Logon

At logon, Juniper SA will present a logon form with the user name, password and the secondary password:

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > Test Logon.png

Enter your AD password in the "Password" field and an OTP in the "Secondary password" field.

DualShield MFA Platform > One-Step Logon [JNP-RADIUS] > Test logon 2.png

Edit Logon Procedure

Configure Juniper VPN

Test Logon

Related Articles