Secure Mobile Access 100 10.2 User Guide

Table of Contents

Authentication Methods

NetExtender supports various two-factor authentication methods, including one-time password, NetExtender, SMS Gateway, Clickatell, Twilio, AliSMS, RSA SecurID, DUO, and Vasco.

One-time Password

Your Administrator can configure one-time passwords to be required to connect through NetExtender, you are asked to provide this information before connecting.

RSA SecurID Authentication

If your administrator can set you up with two-factor authentication (TFA) with RSA SecurID using Secure Mobie Access, if you have the RSA Authentication Manager and an RSA SecurID Appliance in your environment. This type of authentication allows you to leverage RSA SecurID's authentication factor as a second layer of security for your login.

If your Administrator has configured the RSA pin-mode authentication to be required to connect through NetExtender, you are asked whether you want to create your own pin, or receive one that is system-generated.

After the pin has been accepted, you must wait for the token to change before logging in to NetExtender with the new passcode.

During authentication, the SMA server can be configured by the Administrator to request a client certificate. In this case, you must select a client certificate to use when connecting.

DUO Authentication

The SMA series supports DUO Security Authentication during user login. DUO Security Authentication login is supported for different clients such as web browsers and Mobile Connect clients.

DUO uses two-factor authentication to authenticate both Android and iPhone users who have the DUO Mobile application installed on their smartphones.

VASCO Server Authentication

VASCO server authentication uses an IDENTIKEY Authentication Server (IAS) to authenticate remote users on a network through a RADIUS or web server environment. VASCO also supports multiple authentication server environments. The VASCO one-time password token system allows you to eliminate any weaknesses in your security infrastructure, such as using static passwords.

To configure VASCO server authentication with SMA

  1. Using the RADIUS server settings, add the IP address of your SMA to the VASCO IDENTIKEY Authentication Server configuration, as described in the documentation from your VASCO vendor.
  2. Enable and specify the VASCO IDENTIKEY Authentication Server in your SMA configuration.
  3. Add user names or group names to your policies.