6

I'm using Azure Active Directory (Premium, with full MFA). I've set up a VPN gateway and would like users to be able to authenticate to it using their Azure AD username and password (instead of certificates).

From everything I read, this should be possible - Azure MFA provides a RADIUS server, and the Azure VPN Gateway can connect to a RADIUS server.

But I can't figure out how to do fit - in the gateway's P2S configuration, I need to provide an IP address and a secret. Where would I get those for the Azure AD MFA server?

enter image description here

Herb Caudill
  • 201
  • 1
  • 2
  • 4
  • Hi, Herb, have you referred this document?https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-radius-ps – Wayne Yang Nov 29 '17 at 09:35
  • Yes, this assumes a stand-alone RADIUS server. ("If you don’t have a RADIUS server deployed, deploy one. For deployment steps, refer to the setup guide provided by your RADIUS vendor.") I could install MS MFA on a VM but I'd rather not have that added complexity. – Herb Caudill Nov 29 '17 at 13:31
  • did you manage to find a solution to this? – Nicolas Mommaerts Jan 23 '18 at 09:27

1 Answers1

1

Ok so I am guessing you want everything hosted on cloud and dont have an existing servers NPS, Radius etc, so what you will have to do is download the MFA Server and host it on an azure VM. From the FMA console you can then launch a RADIUS server.

Sadly Azure AD with MFA dos have a radius server it just has the authentication of the uses.

or if you want a truly cloud based system you can use one of the multi tenanted radius servers attached to your azure ad.

It's crazy that there isn't one join the surggestion group.

https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/8816272-authenticating-wireless-access-points-radius-thr

RickWeb
  • 275
  • 2
  • 13