Sophos Google Authenticator

Posted on  by



Sophos Authenticator does not only operate with a Sophos account, but also with accounts from Google, Dropbox, Facebook, Github and all the other providers who implement authentication in this standardized way. Features: - Can generate both time-based (TOTP) and counter-based (HOTP) codes - SHA-1, SHA-256 and SHA-512 hash algorithm supported. MFA supports Google Authenticator and Sophos Authenticator for the additional layer of security. How to Enable Multi-factor Authentication in Sophos. Log in to Sophos Central Admin console with a Super Admin account. In the left pane, click Global Settings. Under General, click Multi-factor Authentication (MFA). Maximizing your Sophos revenue, all in one place. Portal Login Request Portal Access The Sophos Partner Portal is an award-winning, exclusive resource to help you manage and grow your business. Admins can use Sophos Authenticator, Google Authenticator, SMS, or email authentication to sign in. Multi-factor authentication is turned on by default for newly created Sophos Central accounts. This page tells you how to do the following: Set up multi-factor authentication. Sophos Central Admin: How to login using Sophos/Google Authenticator KB-000037072 Sep 1, 2020 1 people found this article helpful.

When you add 2FA to a VPN login you add an extra dimension of security, meaning users may only log on after providing an additional piece of information to prove their identity, in this case a code from Google Authenticator.

This may be something that’s critical in order for your business to comply with industry regulations, or just a feature to give you peace of mind when it comes to the security of your business data. Either way, if you’d like to enable 2 FA for logging on to an SSL VPN, it’s a relatively easy task on the Sophos UTM.

Follow the below steps to set this up ready for 2 factor authentication.

  1. Login to the UTM and go to Remote Access -> SSL. Here you’ll need to create a Profile for the VPN, so select ‘New Remote Access profile’. If you have integrated your UTM with Active Directory, you can drag ‘Active Directory Users’ into the Users and groups field, otherwise you will need to create users manually and drag the names into the field.
  2. Next, drag the defined internal network, server or device name into the ‘Local networks’ field. Make sure that ‘Automatic firewall rules’ is ticked and save the profile.
  3. Next, go to Definitions and Users -> Authentication Services-> One-time Password. Here we will setup the rules for 2 factor authentication. Under ‘Authentication Settings’ we will make changes based on your required setup. Presuming all users will need to authenticate, make sure the following are ticked for the least administration:
  • All users must use one-time passwords.
  • Auto-create OTP tokens for users
  • User Portal
  • SSL VPN Remote Access

Sophos Authenticator Qr Code

This will enable all users to login to their UTM portal and view the Google Authenticator barcode on login.

  1. To enable users to see the Remote Access tab for downloading the VPN Client, go to Management -> User Portal -> Advanced. Under ‘Disable Portal Items’, make sure that ‘Remote Access’ is not ticked.

Why do we need 2FA?

Found this useful?

Beaming is an Internet Service Provider for businesses so we’re experts in networking and all-things connectivity. Subscribe to receive our how-to guides, cyber security advice and business research direct to your inbox once a month.

Sophos 2fa Google Authenticator

Two-factor authentication ensures that only users with trusted devices can log on. To provide two-factor authentication, you configure the OTP service. Then, end-users scan tokens and obtain passcodes using Sophos Authenticator.

Objectives

Sophos Google Authenticator Extension

When you complete this unit, you’ll know how to do the following:
  • Turn on the OTP service and specify settings.
  • Scan tokens and obtain passcodes using Sophos Authenticator on the client.

Specify OTP service settings

Sophos Google AuthenticatorSophos Google AuthenticatorGoogleSophos Google Authenticator

First, you turn on the OTP service. Then, to maximize the protection this type of authentication offers, you require all users to use it. You also specify the features for which two-factor authentication is required.

The following steps are executed on the firewall.

Sophos Central Google Authenticator

  1. Go to Authentication > One-time password and click Settings.
  2. Specify settings.
    One-time password
    On
    OTP for all usersOn
    Auto-create OTP tokens for usersOn
  3. Enable OTP for WebAdmin and User portal.
  4. Click Apply.