Answers
@rgr is this KB-article not what you're looking for? Follow the steps to unbind the TOTP.
--Michael@BWC
I am convinced this is another "problem in the making" because of the vendor's choice of vernacular.
Most people think of setting and resetting MFA, and that is what they will search for. However, they will never find the aforementioned KB article because it does not use those keywords.
Some technicians think of binding and unbinding a device, and that is what SonicWall has selected to use.
I would never pass the SW exam because I can't be bothered keeping track of this kind of nonsense.
If you've got the group synced with LDAP then the quickest way to do this is delete the user from the firewall. The user gets created the first time they log in and bind their TOTP. You would lose any manual permissions you might have set on the user, but we don't do that so it's not an issue.
Hello @Arkwright, could you detail how to do this: "the quickest way to do this is delete the user from the firewall"? On a 7.1.1, I have the AD Group mirrored from the Active Directory and a member of SSL VPN Services. TOTP is enabled on the Group.
The user is correctly recognized by the AD and assigned privileged SSL access, but is only present in the Status (User and SSL), which allows me only to kick him off, not delete him.
So I am missing the operation to delete such a user in order to unbind the TOTP assigned.
You aren't deleting them from SSLVPN.
Users > Local Users & Groups
Delete the user. The next time they connect, they will be prompted to enroll MFA.