Configuring MFA with SMS

SMS can be used to verify identity by prompting to enter a code only known to the person possessing the registered mobile phone number.

In order to enable MFA using SMS, you will need to create a new Radius Policy.

Step 1 - Create a new Radius Policy

  1. Navigate to Policy in the top panel

  2. In the left window, click on Radius Policy

  3. Click on Tasks and select Create

  4. Enter Name for Radius Policy

  5. Under the Conditions section, select the criteria to match on

  6. Click Add

  7. Scroll down to the Policy Section

  8. Set Access Policy to 'Continue' (this allows for the MFA challenge)

  9. Set 2-Step Authentication to 'Text Message'

  10. Click Create

Note

Status can be left in 'Disabled' mode until you are ready to test.

Note

In order for MFA using SMS to function, ensure the user account has a mobile number entered under Management > User > userid > User Information > Mobile Phone.

Step 2 - Test / Validate

  1. Connect using the Genian NAC 6.0 Connection manager

  2. Right-click on the tray icon

  3. Select Network Access and then site name to connect

  4. Sign in with user ID/password

  5. An 'Authentication Code' window should display

  6. This code will be sent via SMS to the number list in the user profile

  7. Enter code into the 'Authentication Code' window

  8. If code is correct, NAC 6.0 Connection Manager should update that you are now connected