Chapter 23 User & Authentication
USG FLEX H Series User’s Guide
348
3 If all correct credentials are found, then the Zyxel Device requests the Google Authenticator code.
4 The admin user must enter the authorization code within a specified deadline (Valid Time).
5 If the authorization is correct and received on time, then the admin user can log into Zyxel Device. If the
authorization deadline has expired, then the admin user has to log in again. If authorization credentials
are incorrect code was received, then the admin user should contact the network administrator.
23.4.0.1 Pre-configuration
Before configuration, you must:
• Set up the user’s user-name, password and email address or mobile number in the Active Directory,
RADIUS server or local Zyxel Device database
• Enable Two-factor Authentication in User & Authentication > User/Group > User > Edit > Two-factor
Authentication for a specific user
• Enable Two-factor Authentication in User & Authentication > User Authentication > Two-factor
Authentication for the Zyxel Device
• Enable HTTP, HTTPS and/or SSH in System > Settings > Administration Settings.
•Add HTTP, HTTPS and/or SSH in the Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL
service group. This service group defines the default services allowed in the WAN_to_Device security
policy.
Two-Factor authentication will fail under the following conditions:
• You omit any of the pre-configuration items. Make sure to perform all pre-configuration items.
• Authorization times out. Extend the Valid Time in User & Authentication > User Authentication > Two-
factor Authentication > VPN Access.
• You are unable to access Google Authenticator (you lost your phone or uninstalled the app). Log in
using one of the backup codes.
• You get a Google Authenticator verification error. You must enter the code within the time displayed
in Google Authenticator. The time on your cellphone and the time on the Zyxel Device must be the
same.
Google Authenticator Settings
The following is a list of specifications and limitations on using Google Authenticator for two-factor
authentication.
• Ext-users (authenticated by external servers) are not supported.
• A user must setup Google Authenticator on their mobile device before they can successfully
authenticate with the Zyxel Device.
• Verification code length: 6 digits.
• Maximum verification code failed attempts: 3
• Backup code length: 8 digits
23.4.1 User Authentication Two-Factor Authentication
Use this screen to select the service (Web and SSH) that requires two-factor authentication for the admin
user.
To Next Page
Loading...
