Gerald Muller1709156932 Posted November 12, 2021

Hello, using the documentation procedure, I've been able to configure the machine tunnel using a device certificate and LDAP authentication for the user tunnel. Now, instead of using LDAP authentication, I wish to use a user certificate to connect the user tunnel. If it's possible, how can I achieve this? And if yes, will it be possible to use policies and authorization to allow different access to the user? Thanks
Brian Korrow Posted November 13, 2021

I'm going to say no, because you have to enable the client certificate policy on the AAA. Not sure the AOService is going to react well to that, and you cannot split out to multiple gateways. However, if you are looking to do a seamless machine to user tunnel transition and you have Azure AD, you could either AAD join or Hybrid join the machine to the Azure AD tenant, then set the next nFactor after AOService to SAML. I have an EPA scan looking at the registry to determine hybrid join status; if successful it uses SAML, if not it falls back to LDAP.
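The reply above describes an EPA registry scan that decides between SAML and LDAP based on the device's hybrid join state, but does not say which registry data it inspects. The script below is an added example, not Brian's configuration and not Citrix or Microsoft code: it reads the join record Windows keeps under CloudDomainJoin\JoinInfo, combines it with classic domain membership to derive "hybrid joined", cross-checks the result against dsregcmd /status, and shows which second factor that decision would select. The registry path, the TenantId value name and the dsregcmd output format are assumptions based on current Windows builds; confirm them on your own images before pointing a gateway EPA expression at them.

```powershell
# Added example (not from the thread, not Citrix/Microsoft code): derive the
# Azure AD / hybrid join state of this device from the registry, the same data
# an EPA registry scan would be pointed at, and show the SAML-vs-LDAP choice.
# ASSUMPTIONS: the JoinInfo path and the TenantId value name are where current
# Windows builds record a cloud join; verify with 'dsregcmd /status'.

$JoinInfoPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'

function Get-CloudJoinState {
    # Returns AzureAdJoined, DomainJoined, HybridJoined (both true) and TenantId.
    $azureJoined = $false
    $tenantId    = $null

    if (Test-Path -Path $JoinInfoPath) {
        # One subkey per join record, named after the device certificate thumbprint.
        foreach ($key in Get-ChildItem -Path $JoinInfoPath -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if ($props -and $props.TenantId) {
                $azureJoined = $true
                $tenantId    = $props.TenantId
                break
            }
        }
    }

    # PartOfDomain is true for on-prem AD domain membership.
    $domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    [pscustomobject]@{
        AzureAdJoined = $azureJoined
        DomainJoined  = $domainJoined
        HybridJoined  = ($azureJoined -and $domainJoined)
        TenantId      = $tenantId
    }
}

function Select-SecondFactor {
    # Mirrors the decision in the reply: SAML when hybrid joined, else LDAP.
    # Kept as a pure function so the policy logic can be exercised offline.
    param([Parameter(Mandatory)] $JoinState)
    if ($JoinState.HybridJoined) { 'SAML' } else { 'LDAP' }
}

function Confirm-WithDsregcmd {
    # Cross-check the registry reading against dsregcmd, which is authoritative.
    # Returns $true when both agree on the AzureAdJoined flag.
    param([Parameter(Mandatory)] $JoinState)
    $line = (& dsregcmd.exe /status) |
        Select-String -Pattern '^\s*AzureAdJoined\s*:\s*(YES|NO)'
    if (-not $line) { return $false }
    $reported = ($line.Matches[0].Groups[1].Value -eq 'YES')
    return ($reported -eq $JoinState.AzureAdJoined)
}

$state = Get-CloudJoinState
$state | Format-List
"Registry and dsregcmd agree: $(Confirm-WithDsregcmd -JoinState $state)"
"Second factor this device would get: $(Select-SecondFactor -JoinState $state)"
```

Run it as the account the EPA scan executes under, because a key that is readable to an administrator but not to that account will silently turn every device into an LDAP fallback. Note that a missing JoinInfo record only proves the device is not cloud joined; it says nothing about which tenant a joined device belongs to, so if you gate SAML on join state also compare TenantId with your own tenant rather than accepting any join record.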
piddon Posted December 3, 2023

On 11/13/2021 at 11:48 PM, Brian Korrow said:
I'm going to say no, because you have to enable the client certificate policy on the AAA. Not sure the AOService is going to react well to that, and you cannot split out to multiple gateways. However, if you are looking to do a seamless machine to user tunnel transition and you have Azure AD, you could either AAD join or Hybrid join the machine to the Azure AD tenant, then set the next nFactor after AOService to SAML. I have an EPA scan looking at the registry to determine hybrid join status; if successful it uses SAML, if not it falls back to LDAP.

Do you know of any blog post showing the SAML nFactor approach? I've been trying to do this but the policy fails.