• Secure Mobile Access 10.2
• Introduction
• Before You Begin
  • Supported Platforms
  • Creating a MySonicWall Account
• Installing the SMA 500v for AWS Virtual Appliance
  • Installing SMA 500v for AWS
• Configuring the SMA 500v for AWS Virtual Appliance
  • Powering the Virtual Appliance On or Off
  • Connecting to the Web Interface
  • Connecting to the Command Line Interface
  • Using the Command Line Interface
    • Reboot
    • Restart SSL VPN Services
    • Logout
    • Save TSR to Flash
    • Display EULA
  • Configuring Settings on the Appliance Web Interface
• Licensing and Registering Your Appliance
  • Registering the SMA 500v for AWS
  • De-registering an SMA 500v for AWS
• Using the 30-day Trial Version
  • Deployment Considerations
  • Registering the 30-day Trial Virtual
  • Converting a Free Trial License to Full
• Upgrading Your Appliance
  • Obtaining the Latest Image Version
  • Exporting a Copy of Your Configuration
  • Uploading a New Image
• SonicWall Support
  • About This Document

Authentication Methods

NetExtender supports various two-factor authentication methods, including one-time password, NetExtender, SMS Gateway, Clickatell, Twilio, AliSMS, RSA SecurID, DUO, and Vasco.

One-time Password

Your Administrator can configure one-time passwords to be required to connect through NetExtender, you are asked to provide this information before connecting.

RSA SecurID Authentication

If your administrator can set you up with two-factor authentication (TFA) with RSA SecurID using Secure Mobie Access, if you have the RSA Authentication Manager and an RSA SecurID Appliance in your environment. This type of authentication allows you to leverage RSA SecurID's authentication factor as a second layer of security for your login.

If your Administrator has configured the RSA pin-mode authentication to be required to connect through NetExtender, you are asked whether you want to create your own pin, or receive one that is system-generated.

After the pin has been accepted, you must wait for the token to change before logging in to NetExtender with the new passcode.

During authentication, the SMA server can be configured by the Administrator to request a client certificate. In this case, you must select a client certificate to use when connecting.

DUO Authentication

The SMA series supports DUO Security Authentication during user login. DUO Security Authentication login is supported for different clients such as web browsers and Mobile Connect clients in both Contemporary and Classic Modes.

DUO uses two-factor authentication to authenticate both Android and iPhone users who have the DUO Mobile application installed on their smartphones.

VASCO Server Authentication

VASCO server authentication uses an IDENTIKEY Authentication Server (IAS) to authenticate remote users on a network through a RADIUS or web server environment. VASCO also supports multiple authentication server environments. The VASCO one-time password token system allows you to eliminate any weaknesses in your security infrastructure, such as using static passwords.

To configure VASCO server authentication with SMA

1. Using the RADIUS server settings, add the IP address of your SMA to the VASCO IDENTIKEY Authentication Server configuration, as described in the documentation from your VASCO vendor.
2. Enable and specify the VASCO IDENTIKEY Authentication Server in your SMA configuration.
3. Add user names or group names to your policies.