MFA method for FortiClinet VPN connection

Dan 81 Reputation points
2023-11-28T13:32:57.8366667+00:00

Hello,

I am currently conducting tests on the integration of the Microsoft Authenticator app with VPN login on our FortiGate VPN.

Within our infrastructure, we have deployed both the FortiGate firewall and a Network Policy Server (NPS). The NPS server and FortiGate configurations have been successfully implemented.

However, I am encountering an issue where, during VPN login, I am required to manually open the MS Authenticator app and enter a 6-digit code. I am seeking a solution to enable push notifications for a more seamless authentication process with MS Authenticator during VPN connections. Is there a method to implement push notifications for MS Authenticator in this context?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,540 questions
0 comments No comments
{count} votes

Accepted answer
  1. Domooney-MSFT 2,576 Reputation points Microsoft Employee
    2023-11-30T15:44:53.8+00:00

    Hi Dan,

    Thank you for posting your query on Microsoft Q&A!

    There is a registry key you can add to your NPS server which can force the MFA method to push notifications.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa

    Create the following String/Value pair:

    Name: OVERRIDE_NUMBER_MATCHING_WITH_OTP

    Value = FALSE

    We have details on this here - https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension-vpn

    Let me know if you have any further queries or issues and I would be happy to help!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful