Note: You must have the LoginTC RADIUS Connector version 2.5.0 or newer to use Challenge Mode Authentication. Your VPN clients must also support challenge mode authentication. Common VPN clients such as Cisco AnyConnect and WatchGuard Mobile SSL VPN, among others, do support it.
Challenge Mode Authentication gives your users instructions on how to proceed with authentication after entering their username and password. This mode often improves the user experience as it reminds them on how to authenticate.
LoginTC RADIUS Connector Configuration
Follow these instructions to enable Challenge Mode in the LoginTC RADIUS Connector:
- Open the LoginTC RADIUS Connector web panel
- Click on the Configurations tab
- Click on your configuration
- Scroll down to the Client Settings section
- Press the Edit button in the Client Settings section
6. Select Challenge in the Authentication Mode
7. Customize the Challenge Message if you wish, but make sure to instruct the user on what to do
The user enters their username and password as they normally do in their VPN :
The user then receives the Challenge Message that you configured:
The user can then enter 1 and press OK to authenticate with the LoginTC app or enter a bypass code or OTP.
- If the user enters a bypass code or OTP their authentication request will be either approved or denied immediately
- If the user enters 1 then they will receive a LoginTC request for approval (they can also have the LoginTC app open and refresh the app to receive the request faster)