How to configure and install VPN Connect for MFA
If using a Windows VPN connection, you can install this tool ("UserLock.VPN.Connect.msi", available in UserLock installation folder of the UserLock server) on the end user computers to allow users a better user experience for authenticating to VPN sessions with MFA. This tool also allows enrollment in MFA via a VPN connection.
For Admins:
Requirements:
VPN Microsoft pre-configured
UserLock Anywhere and UserLock IIS MFA features have to be installed.
If you have not already installed these components to protect IIS sessions with MFA or remote connections with UserLock Anywhere, you will need to install them. You do not need to complete the entire installation, just the following steps in the links below:
- UserLock Anywhere steps 1&2
- UserLock IIS MFA steps 2&3
Group Policy settings
UserLock VPN Connect can be configured manually or automatically.
However you can configure automatically UserLock VPN Connect through Microsoft Group Policies.
It is also possible to deploy settings parameters through Microsoft Group Policies using a 'Group Policy Administrative Template' that we provide (compatible with Desktop Agents installed through the console, automatically, through MSI, manually...).
In the UserLock installation folder (by default 'c:\Program files[ (x86)]\ISDecisions\UserLock'), you will find this 'Group Policy Administrative template' named 'VpnConnect.adm'. Install the template in the 'Group policy' you want to use to deploy settings parameters of UserLock VPN Connect.
Once the template has been added, you can go to 'Administrative templates' and display 'UserLock' then ‘VPN Connect’ (use 'Classic administrative templates' in Windows Server 2008 and higher).
For End Users
Open UserLock VPN Connect
Configuration:
Information page: This page will be already set if VPN Connect is configured by your administrator via a Group policy and you will not be able to modify it. If the information is not already filled in, you will need to complete it with the information below:
VPN Windows Connection = MyVPN
Domain = MyDomain
MFA URL = http://Server1.MyDomain.intra/ulproxy/Probing - ask your admin to provide this link
Yours account credentials page: (Warning: Do not put the domain name in the user field)
Connection = MyVPN
User name = User1
Password = mypassword
Click on Connect
If MFA is required for the user:
If MFA is not yet configured, the user will need to enroll by clicking on "register". This will open a page in the web browser to enroll via IIS.
With Push notifications, the user can validate the MFA with one click:
When using TOTP, the user simply enters the code:
Click on Close.