Adding Azure MFA to VPN client
Hi, Team,
With Azure MFA, an app connector of the VPN provider should be added from the Azure portal Marketplace, and then the URLs configured in the two destinations (Azure portal and SonicWall UI, for example).
The thing is that I do not find SonicWall documentation on how to add Entra MFA on SonicWall VPN login. There is also a possibility through a RADIUS server, as I see. Two questions on that:
- Can an additional NPS server be avoided (with an app connector, for example)?
- Can I get the correct, up-to-date documentation on that? Thank you a lot!
The reference I got so far does not show a date of creation, so I am concerned about accuracy - - If I get it to here, I will be able to proceed with MFA; however, I am not sure which app I can add on the Azure portal -
Can I get the correct documents or discussions over the topic? Thank you once again
Answers
Microsoft services change almost weekly, Entra was Azure AD :( Most of the knowledgebase documentation is, I agree, a little woolly.
Internal Windows NPS with the Azure AD extensions works
Then the SW is just a RADIUS client.
Thanks for the answer! Here the thing is that I found how to add SAML SSO and integrate with SonicWall - so I think, once the SSO is set up, the user will also be prompted for MFA upon login to SonicWall with Entra ID. Could this be correct? https://www.sonicwall.com/support/technical-documentation/docs/sma_100-10-2-administration_guide/Content/sma-config-portals-domains-add-edit-saml-config-azure.htm/
SAML integration is supported on the SMA platform
Thank you, yes, we set up on the Azure portal with the SAML parameters from the SonicWall interface. Got it
Just to add - I am not familiar with the naming in the field of SonicWall, so do you mean something specific saying SMA platform or you mean it generally said?
The SMA is the Secure Mobile Access platform, as opposed to the firewall range.
hey Mark, the customer of ours is using the interface shown here -
https://www.youtube.com/watch?v=kZGQ7WIPJ9M
However, the video is a bit outdated and I struggle to find a straightforward SonicWall document on how to proceed to set up the SAML auth with Entra. Could you help me with a document if you have such?
From my notes within Entra you need to create an enterprise single sign on application
make sure to have the Entity ID and the Reply URL correct
you will need the Cert for the application and load that into the SMA under Certs, there is a specific SAML cert section
And the uploaded SAML cert
Add an authentication domain which uses the SAML 2.0 Identity provider,
You then have to populate the
- Appliance ID - This is the Identifier ID in the Basic SAML configuration
- Server ID - This is the Microsoft Entra Identifier
- Authentication service URL - The Entra Login URL
- Logout service URL - The Entra Logout URL
here's a link to the SMA
https://www.sonicwall.com/support/technical-documentation/docs/sma_1000-12-4-admin_guide/Content/Authentication/configuring-a-saml-2.0-identity-provider-authentication-server.htm/