Description: You've correctly configured Access Server and NPS RADIUS Server with the Azure MFA extension, but on the RADIUS server side/Azure NPS extension, customers don't see the MFA challenges (no prompts for phone calls, SMS, mobile app verification codes or mobile app push notifications).
Solution: The Azure AD MFA only supports specific MFA challenges based on the authentication method set on the RADIUS server/Azure NPS extension side:
- PAP supports all authentication methods of Azure AD MFA in the cloud:
- Phone call
- One-way text message
- Mobile app notification
- Mobile app verification code
- CHAPV2 and EAP support only:
- Phone call
- Mobile app notification
Based on the MFA challenges you need, choose the proper RADIUS authentication method for this.
Note: This is a limitation from the Azure AD MFA side, not from OpenVPN Access Server. For more information about this Microsoft Azure MFA limitation, refer to Microsoft Azure Support Forums that explain this design limitation.
If you have additional questions, please submit a ticket.
Comments
0 comments
Please sign in to leave a comment.