MS RRAS + MS VPN Client + Google Authenticator + SecureMFA
I'm running on-premise Windows Server 2019 domain, and Microsoft RRAS to allow remote users access to the local network. Remote users are using the built-in Microsoft VPN SSTP for Windows 10 clients and L2TP for Mac clients.
My objective is to bolster security to the VPN authentication using Google Authenticator style MFA (TOTP), especially since some of those users are already using Google Authenticator for other resources.
During my research, I had stumbled onto a discussion about it on this site, specifically about SecureMFA's solution: Active Directory + Google Authenticator - AD FS, or how?
Plus I also found that they're even listed in MS docs as a legitimate 3rd-party MFA ADFS provider: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs
My question is has anyone implemented SecureMFA for MS RRAS and the built-in Windows VPN client? Does Windows VPN client even support the TOTP? How would the user enter the 6-digit code, for example? Normally, the user would be prompted for the 6-digit code by the application, or a web page form.
I have actually contacted the vendor, but they're not sure if Windows 10 VPN client support ADFS protocols.
Solution 1:
You can setup this up with Cisco DUO by:
Username: [username] password: [password] , [6 digit code]
This is called append method this also works with OTP Username: [username] password: [password] , [OTP code for hardware token]