Adding MFA to a Microsoft NPS Server

Note: This integration does not support the use of Push. You will need to use OTP.

Setting up MFA for RADIUS is a requirement for this integration. Please see this article for more information.

Configuring NPS to support RADIUS Authentication

  1. Go to the Start Menu and click on Administrative Tools.
  2. Go to Network Policy Server (NPS)
  3. Expand RADIUS Clients and Servers.
  4. Highlight Remote RADIUS Server Groups and right click > New.
  5. Name the group, then click Add to add a radius server.
  6. Type in the Address of the RADIUS agent.
  7. Click on the Authentication/Accounting tab to configure the RADIUS Server options.

  8. Type in the Shared Secret that has been configured in the RADIUS Agent
  9. Click on the Load Balancing tab to configure the RADIUS timeout.
  10. Under Advanced Settings, set Number of seconds without response before request is considered dropped from the default of 3 to a higher value, (10 seconds or higher is recommended), and click OK.
  11. Click OK to create the RADIUS server group.
  12. Expand Policies, then Connection Request Policies.
  13. Right click on Virtual Private Network (VPN) Access Policy > click Properties.
  14. Click on the Settings tab, then click Authentication.
  15. Select Forward requests to the following remote RADIUS server group for authentication and select the RADIUS server group that you created from the list.
  16. Click OK.
  17. Repeat steps 12 – 16 for all other policies with the source Remote Access Server (VPN-Dial up).
  18. Click Network Policies, then highlight Virtual Private Network (VPN) Access Policy and right click > Properties.
  19. Click on the Constraints tab, then click Authentication Methods.
  20. Deselect all methods except Microsoft Encrypted Authentication version 2 (MSCHAP-v2) and User can change password after it has expired, then click OK.
  21. Restart the NPS service by highlighting NPS and right click > Stop NPS Service, then right click > Start NPS Service.

 

See this article for configuring the connection to the VPN.

Have more questions? Submit a request

0 Comments

Article is closed for comments.