By Ryan Squires Posted August 31, 2019
Virtual Private Networks (VPNs) are one of the most popular ways to secure network traffic between points. VPNs have been quite popular for a number of reasons, and now more than ever they need to be secured because of the critical resources on each end of the VPN. For IT admins, that’s why adding 2FA to top VPNs is a critical task.
A VPN, or virtual private network, is essentially a secure connection between two points—usually an endpoint machine and a network or a network to network connection. As an example, VPNs have historically been used to connect remote employees back to their home offices where there were file servers, applications, and servers. In most cases, by connecting back to their home network, IT admins could authenticate the user through Microsoft® Active Directory® (AD), which required a direct connection. After the connection was established, the user could then access the IT resources that were located in the main facility that they needed in order to be productive while they worked remotely. This process was considered a best practice.
VPNs and Multiple Credentials
The challenge for end users was that they generally had to log in multiple times—each time with a different set of credentials. Once to the Windows-based machine itself and then another time with the VPN. Once the VPN connection was established, the end user would then have access to network resources because they were connected and authenticated to the AD domain controller. If the users were using anything other than a Windows-based machine, this process could be a lot more convoluted.
All in all, while a bit of a burden on end users, this approach worked pretty well when all of the IT resources users needed were on-prem and Windows-based. But with the advent of web applications, cloud infrastructure, and even more mobility, the model started to break down a bit. Additionally, the VPN wasn’t a connection back to every single resource that a user needed. Users would have to log in to additional services—meaning having to remember more credentials or even worse, log in to multiple VPNs.
VPNs, Critical Infrastructure, and 2FA
As the IT landscape shifted to the cloud, more complexity was added onto the shoulders of IT admins. VPN connections that were established were often to critical IT resources hosted on Amazon Web Services® (AWS®), Google Cloud Platform, Azure®, and/or elsewhere. Because of the critical nature of the information stored on those platforms, IT admins and DevOps engineers wanted to add 2FA (two-factor authentication, or multi-factor authentication) to the VPN connection.
Historically, the process of managing user identities on VPNs has been a painful task for IT admins. It becomes even more difficult when you add in another factor (2FA) to the authentication mix. The good news is that modern VPNs will often delegate their authentication to LDAP and RADIUS-based identity providers. The result is that with the right identity management approach, an end user can have just one password to log in to their IT resources securely and IT admins can centralize administration of user access. To top it off, with MFA capabilities built-in, organizations can help ensure that only the right people are logging into critical VPN resources.
Add 2FA to Top VPNs
But, how can organizations actually leverage 2FA with a top VPN like OpenVPN™, Cisco, Fortinet, Juniper, and others? With JumpCloud® Directory-as-a-Service®, user identities stored in the core Directory-as-a-Service platform are authenticated to the VPN using either RADIUS or LDAP. Your users get a single set of credentials for virtually all of their IT resources. That includes networks, applications like O365™ and G Suite™, systems including Windows®, Mac®, and Linux®, file servers on-prem and in the cloud, and much more.
Give JumpCloud a Shot Today for Free
Add 2FA to the Top VPNs with JumpCloud today. When you sign up, you get instant access to the entire breadth of the JumpCloud platform—and your first 10 users are free. For a guided tour, feel free to contact us for a demo.