• Secure Mobile Access 10.2 for the SMA 100 Series
• About This Guide
  • Organization of This Guide
  • Guide Conventions
• Virtual Office Overview
  • About Virtual Office
    • Accessing Virtual Office Resources
  • Browser Requirements
  • About Certificates
  • About the Virtual Office Web Interface
  • Logging Out of the Virtual Office
• Using Secure Mobile Access Connect Agent
  • What is the Secure Mobile Access Connect Agent?
  • Supported Operating Systems
  • Downloading and Installation
  • Setting Up the SMA Connect Agent
    • Proxy Configuration
    • Logs
    • Browser Warning
  • End Point Control (EPC)
  • PDA (Personal Device Authorization)
    • SonicWall Application
• Using Virtual Office Authentication
  • Importing Certificates
  • Using Two-Factor Authentication
    • User Prerequisites
    • RSA Two-Factor User Authentication Process
      • Logging into Virtual Office Using RSA Two-Factor Authentication
      • Creating a New PIN
      • Waiting for the Next Token
    • VASCO Two-Factor User Authentication Process
      • Logging into Virtual Office Using VASCO Two-Factor Authentication
      • Other RADIUS Server Two-Factor User Authentication Process
    • DUO Security Authentication Support on NetExtender/Mobile Connect Clients
  • Using One-Time Passwords
    • User Prerequisites
    • Logging In with an Email One-Time Password
    • Logging In with a Mobile App Time-based One-Time Password
    • Logging In with an SMS One-Time Password
    • Generating Backup Codes
    • Configuring One-Time Password Settings for E-mail
    • Configuring One-Time Password Settings for Mobile App
    • Configuring One-Time Passwords for SMS-Capable Phones
    • Configuring One-Time Password Settings for SMS
    • Verifying User One-Time Password Configuration
  • Using NetExtender
    • User Prerequisites
    • User Configuration Tasks
      • Installing NetExtender on Windows
      • Launching NetExtender Directly from Your Computer
      • Pre-Filling the Key Fields While Installing with Microsoft Installer
      • Configuring NetExtender Properties
      • Configuring NetExtender Connection Scripts
      • Configuring Batch File Commands
      • Configuring Proxy Settings
      • Configuring NetExtender Log Properties
      • Configuring NetExtender Acceleration Properties
      • Configuring NetExtender Packet Capture Properties
      • Configuring Language Properties
      • Configuring Protocol
      • Viewing the NetExtender Log
      • Disconnecting NetExtender
      • Upgrading NetExtender
      • Changing Passwords
      • Authentication Methods
      • Uninstalling NetExtender
      • Verifying NetExtender Operation from the System Tray
        • Displaying Route Information
        • Displaying Connection Information
      • Using the NetExtender Command Line Interface
      • Installing NetExtender on Linux
      • Using NetExtender on Linux
  • Using Mobile Connect
    • Prerequisites for Apple iOS Clients
    • Prerequisites for Android Smartphone Clients
  • Using File Shares
    • Using HTML-based File Shares
    • Downloading Files and Folders using HTML5 File Share
  • Managing Bookmarks
    • Adding Bookmarks
      • RDP Bookmarks
        • Determining the Remote Computer’s Full Name or IP Address
        • Configuring Remote Desktop Access on the Remote Computer
      • VNC Bookmarks
      • Citrix Bookmarks
      • Web Bookmarks
      • Mobile Connect Bookmarks
      • FTP Bookmarks
      • SSHv2 Bookmarks
    • Editing Bookmarks
    • Removing Bookmarks
    • Using Bookmarks
      • Using Remote Desktop Bookmarks
      • Using VNC Bookmarks
      • Using Citrix Bookmarks
      • Using Web Bookmarks
      • Using Mobile Connect Bookmarks
      • Using File Share Bookmarks
      • Using FTP Bookmarks
      • Using Telnet Bookmarks
      • Using SSHv2 Bookmarks
      • Global Bookmark Single Sign-On Options
      • Per-Bookmark Single Sign-On Options
• Warranty and License Agreements
  • GNU General Public License (GPL) Source Code
  • Limited Hardware Warranty
  • End User License Agreement
• SonicWall Support
  • About This Document

Authentication Methods

NetExtender supports various two-factor authentication methods, including one-time password, NetExtender, SMS Gateway, Clickatell, Twilio, AliSMS, RSA SecurID, DUO, and Vasco.

One-time Password

Your Administrator can configure one-time passwords to be required to connect through NetExtender, you are asked to provide this information before connecting.

RSA SecurID Authentication

If your administrator can set you up with two-factor authentication (TFA) with RSA SecurID using Secure Mobie Access, if you have the RSA Authentication Manager and an RSA SecurID Appliance in your environment. This type of authentication allows you to leverage RSA SecurID's authentication factor as a second layer of security for your login.

If your Administrator has configured the RSA pin-mode authentication to be required to connect through NetExtender, you are asked whether you want to create your own pin, or receive one that is system-generated.

After the pin has been accepted, you must wait for the token to change before logging in to NetExtender with the new passcode.

During authentication, the SMA server can be configured by the Administrator to request a client certificate. In this case, you must select a client certificate to use when connecting.

DUO Authentication

The SMA series supports DUO Security Authentication during user login. DUO Security Authentication login is supported for different clients such as web browsers and Mobile Connect clients.

DUO uses two-factor authentication to authenticate both Android and iPhone users who have the DUO Mobile application installed on their smartphones.

VASCO Server Authentication

VASCO server authentication uses an IDENTIKEY Authentication Server (IAS) to authenticate remote users on a network through a RADIUS or web server environment. VASCO also supports multiple authentication server environments. The VASCO one-time password token system allows you to eliminate any weaknesses in your security infrastructure, such as using static passwords.

To configure VASCO server authentication with SMA

1. Using the RADIUS server settings, add the IP address of your SMA to the VASCO IDENTIKEY Authentication Server configuration, as described in the documentation from your VASCO vendor.
2. Enable and specify the VASCO IDENTIKEY Authentication Server in your SMA configuration.
3. Add user names or group names to your policies.