Sophos XG 2FA for Certain Users

How do you configure Sophos XG 2FA for all applications such as:

1. WebAdmin

2. User Portal

3. SSL VPN

4. Sophos Connect

only for select users, not all of them. All tutorials show how to do it for all. I tried only my user in the setup, but when I go to try and log in to the portal, it won't take me to the next page using the "normal" password I used before turning on OTP. I should be able to log in, get the QR code, and then log out and go through again using 2FA.



  • FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Could you please post a snapshot for OTP settings?

    You need to first log in to the user portal to scan tokens and obtain passcodes using Sophos Authenticator or any third-party authenticator.

    Configure two-factor authentication

  • Do you configure "Auto-create OTP tokens for users" or do you create the token yourself?

    If you create the token for the user (within the OTP config page), you have to use the QR code from this page too.

    If the token is created/rolled out via the user portal, the user can capture the QR code at this point.

  • Here are my entries and settings in OTP

    First, the entries, for which I created the "secret" myself

    Then the settings...

    With these settings, when I go to the user portal and try to log in with my AD password (I don't have a local FW account), I get this

    When I assume I would get logged in instead and then get QR to add token to Authenticator.

  • I configured the token myself. See above reply to @Yash Kothari

  • Please elaborate. Please also see my settings in my reply to @Yash Kothari. I create the token myself. When I have these options enabled, I cannot get into the user portal. If I turn them off, I can get into the user portal. Please also un-suggest your post as the answer. It is nowhere near the answer I am looking for or expecting.

  • I am very sorry. I'm sorry to try to help you.
    But it would be nice if you read my answers.
    If you create the token manually (not automatically via the user portal), you cannot get it via the user portal.
    Only if a user does not have a token is it created when registering at the user portal and the user can capture it there.
    You can, however, scan the token in the config page and log into the portal with username and password + token.

    PS: I have not suggested my answer as a solution!!
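
Added example (not part of the thread and not Sophos code): what a manually created token amounts to on both sides. The secret entered on the OTP config page is the only shared state, so the QR code shown there and the codes the authenticator produces are both derived from it. Assumptions: the secret is a hex string, and the token uses the common RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the user and issuer names and the secret are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Constructed sample secret (the RFC 6238 test key, hex-encoded); never use it for real.
MANUAL_SECRET_HEX = "3132333435363738393031323334353637383930"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def otpauth_uri(secret: bytes, user: str, issuer: str) -> str:
    """Key URI that an enrolment QR code encodes for authenticator apps."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = f"{quote(issuer)}:{quote(user)}"
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"


def verify(secret: bytes, code: str, at: float, skew_steps: int = 1,
           step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept adjacent time steps to tolerate clock drift."""
    if len(code) != digits or not code.isdigit():
        return False
    return any(
        hmac.compare_digest(totp(secret, at + d * step, step, digits), code)
        for d in range(-skew_steps, skew_steps + 1)
    )


if __name__ == "__main__":
    import time
    key = bytes.fromhex(MANUAL_SECRET_HEX)
    # "jdoe" and "XG-lab" are hypothetical names for illustration.
    print(otpauth_uri(key, "jdoe", "XG-lab"))
    print("current code:", totp(key, time.time()))
```

If the code computed from the configured secret does not match what the authenticator shows, the usual causes are a secret enrolled from a different token or clock drift beyond the accepted window.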