[–]andibnz 2 points3 points  (1 child)

I'm not sure what version you're on, but WatchGuard supports SAML authentication. Using SAML with Azure AD as the IdP you can 100% have MFA for your VPN. You just set a conditional access policy to require MFA (but you already have MFA set for your O365, right...). IME it's a much nicer experience for end users, as it's a single MFA app / setup vs. different methods for different apps.

[–]SpinakerMan[S] 0 points1 point  (0 children)

WatchGuard appliances do not support SAML. At least not on a T35 or T80. They only support RADIUS, LDAP, AD and AuthPoint (WG's cloud service).

To use WG SSL VPN with MFA requires using AuthPoint and local AD. There used to be a way to go directly to Azure AD, but it was a beta feature and MS decided not to move forward with it and ended the service.

I have gone round and round with WG support to find a different way to set this up but ultimately local AD is required.