
Sophos SSL-VPN with MFA client password save

Hello,

Recently I have rolled out SSL-VPN solutions for several clients. All of them are complaining about the inability to save their passwords and state that the Sophos client is very user-unfriendly. I agree with this and want a solution.

MFA is mandatory. A situation where username and passwords are saved and filled automatically is fine, clients can add the MFA code after this. But this does not work:

- Saving the password with MFA works, but makes the connection, obviously, fail on the second login.

- Saving without MFA deletes the credentials because the login failed.

We use the Sophos Connect client, downloaded from the VPN-Portal with MFA. The Firewall uses version 19.01.

Looking forward to any solution or any posts that are on this topic.

Kind regards,

Niels



This thread was automatically locked due to age.
  • Hi Vivek,

    Indeed, this is the behaviour. Clients see the "save credentials" option and they want to use it, but it always fails since the OTP is expired after the first time.

    Your post states that: "This is a known issue". Is this issue also being addressed and is there any perspective on a change?

    An ability to separately enter the OTP would be a good solution.

    Looking forward,
    Niels

  • I am afraid as of now this is a known behavior; it is available here - https://docs.sophos.com/support/kil/index.html > Choose your product: Sophos Connect - ID - NCL-1391

    Thanks & Regards,
    Vivek Jagad | Team Lead, Global Support & Services

  • Thanks, guess we have to start looking for third party clients.

  • Hi Niels,

    I think there is a misunderstanding here. Talks about the first time connect when there are two separate logons, first to the userportal and second to the vpn. The second fails with the first otp.

    You have a different problem: after entering username, password+OTP your clients select save username and password, but this is with OTP.

    So the password, say "password123456", is saved and that will not work the next time they log on.

    You can solve this. The Sophos Connect client is able to show a separate OTP field, so there will be a username field, password field, and an OTP field. Saving user+passwd will work then.

    The problem here is, how to add the OTP field?

    When you use a provision file .pro it is easy: just add "otp": true,

    [
    {
    "display_name": "Name of VPN",
    "gateway": "ip or dns",
    "user_portal_port": 4443,
    "otp": true,
    "2fa": 0,
    "can_save_credentials": true,
    "check_remote_availability": false,
    "run_logon_script": false
    }
    ]

    Edit the fields with your info and save as name.pro, then import (or just double-click) this in the client. Using this method has some other nice benefits too.

    With the config file from the userportal this is not possible as far as I know.

    Maybe someone from staff knows?

    Good luck!

    Bart

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl
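
For rolling the provisioning file in Bart's post out to many users, it helps to generate it and check it before import. The following is an added example, not part of the original thread and not Sophos tooling: it uses only the keys shown in the post, and treating five of them as required, as well as the function names `build_pro` and `lint_pro`, is an assumption of this example.

```python
import json

# Assumption of this example: these keys (all taken from the post) must be present.
REQUIRED = {"display_name": str, "gateway": str, "user_portal_port": int,
            "otp": bool, "can_save_credentials": bool}

def build_pro(display_name, gateway, port=4443, save_credentials=True):
    """Return .pro text with a separate OTP field, mirroring the post's file."""
    entry = {
        "display_name": display_name,
        "gateway": gateway,
        "user_portal_port": port,
        "otp": True,  # separate OTP field, so the saved password has no code in it
        "2fa": 0,     # value copied from the post as-is
        "can_save_credentials": save_credentials,
        "check_remote_availability": False,
        "run_logon_script": False,
    }
    return json.dumps([entry], indent=2)

def lint_pro(text):
    """Return a list of problems found in .pro text; an empty list means OK."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, list) or not data:
        return ["top level must be a non-empty JSON array"]
    problems = []
    for i, conn in enumerate(data):
        if not isinstance(conn, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        for key, typ in REQUIRED.items():
            val = conn.get(key)
            # bool is a subclass of int in Python: reject true/false as a port
            if not isinstance(val, typ) or (typ is int and isinstance(val, bool)):
                problems.append(f"entry {i}: '{key}' missing or not {typ.__name__}")
        port = conn.get("user_portal_port")
        if type(port) is int and not 1 <= port <= 65535:
            problems.append(f"entry {i}: port {port} out of range")
        # The failure described in the thread: password+OTP saved as one string.
        if conn.get("can_save_credentials") is True and conn.get("otp") is not True:
            problems.append(f"entry {i}: credentials saved without a separate OTP "
                            "field, so the stored password would contain the "
                            "one-time code")
    return problems
```
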

  • Hi Bart,

    Thanks! This was exactly what I needed, I will start testing this.

    Looking forward to a reply from Sophos staff about efficient deployment. I have to do 100+ accounts and only a few of them are managed by AD.

    Thanks for keeping this topic alive, kind regards,

    Niels
