
Separate MFA field for admin portal login

Hello,

I use a password manager, 1Password, to fill my login credentials for the Sophos Firewall admin login page. I have MFA enabled for the admin users, which requires me to add an MFA code each time I log in. This is great, and as expected. However, the MFA code is added to the password field, following the password. This is causing several issues as follows:

  • No visual indicator that I need to add the MFA code, which means I need to remember that for this login page I need to do something special. This is not great UX; I should not need to remember that I need to put an MFA code in a special place in the password field, so sometimes I forget, and it takes me longer to log in.
    • Due to changes in SFOS 20.0.1 MR-1-Build342 I will be blocked after two failed logins, which will certainly happen due to the point above.
  • The 1Password password manager determines that I am changing my password every time I log in with a new string in the password field. This is good, expected behaviour on every single other login page, but is absolutely maddening on the Sophos Firewall page because I am not changing my password.

I have scoured for the config setting to change this, to have a third separate field on the login page for the MFA code, but I cannot find how to do it.

How are you managing this? Do you also find this frustrating?

If the option for a third, separate, field for the OTP/MFA/2FA does not currently exist, could such an option be added as a feature request?

Image 1. Sophos Firewall Admin Login page with username and password fields, but no OTP code field.



  • I would recommend looking into Entra ID integration.

    This essentially solves this need, as it redirects you to Entra. Entra ID will do the authentication with you.


  • Hi, I appreciate the quick reply. As you're a consummate expert on the Firewall, and didn't suggest a config change, I'll assume that there is no way to achieve what we're looking for within the system currently. It looked like a method existed for the Connect client, so I was hopeful that some method existed for the portal pages.

    We'll certainly look into your suggestion regarding Entra ID as a method to work around this minor UX deficiency.
