Free EditionVPNs allow users to access various resources while outside the office through a secure tunnel. While this facilitates an uninterrupted workflow for remote employees, it also exposes the organization's network to new cybersecurity concerns.
When a VPN is synced with an organization's AD environment, users are commonly authenticated using only their domain username and password—a method that has proven to be no longer secure. Verizon reports that 81% of data breaches can be linked to compromised passwords. Exposure of VPN credentials can put your entire network at risk of data exposure. Implementing additional layers of security through MFA is an effective way to prevent the dire consequences of credential exposure.
ManageEngine ADSelfService Plus, an identity security solution, enables you to fortify VPN connections to your organization's networks using adaptive MFA. This involves implementing authentication methods like biometric authentication and one-time passwords (OTPs) during VPN logons in addition to the traditional username and password. Since passwords alone are not enough to log in to the network, ADSelfService Plus renders exposed credentials useless for unauthorized VPN access.
ADSelfService Plus allows admins to secure all RADIUS-supported VPN providers with MFA including:
To secure your VPNs using MFA, the VPN server needs to use a Windows Network Policy Server (NPS) to configure RADIUS authentication, and the ADSelfService Plus NPS extension has to be installed in the NPS. This extension mediates between the NPS and ADSelfService Plus to enable MFA during VPN connections. Once these requirements are fulfilled, the process shown below takes place during a VPN login:
The user is now granted access to the VPN server and an encrypted tunnel is established with the internal network.
IT admins can configure any of the above methods for VPN MFA according to their organization’s requirements. ADSelfService Plus enables hassle-free configuration and administration of the feature through:
Granular configuration: Enable particular authentication methods for users belonging to specific domains, OUs, and groups.
Real-time audit reports: View detailed reports on VPN logon attempts with information like logon time and authentication failures.
Apply different authenticators to different sets of users based on their privileges.
Meet NIST SP 800-63B, GDPR, HIPAA, NYCRR, FFIEC, and PCI DSS regulation requirements.
Prohibit the use of weak passwords, which make your network vulnerable to cyberattacks.
Use MFA to secure not just VPN access, but also local and remote logins for Windows, macOS, and Linux machines for complete endpoint security.
Enable context-based MFA with 19 different authentication factors for endpoint and application logins.
Learn moreEnable context-based MFA with 19 different authentication factors for endpoint and application logins.
Learn moreDelegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.
Learn moreEnhance remote work with cached credential updates, secure logins, and mobile password management.
Learn moreEstablish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.
Learn moreSimplify auditing with predefined, actionable reports about authentication failures, logon attempts, and blocked users.
Learn more
