Configuring Juniper for MFA involves the following tasks:

The following video describes the Juniper VPN configuration process.

How it works

The following image represents a general flow. The actual configuration varies depending on your organizational infrastructure considerations and policies.

A flow showing the relationship between Juniper VPN, the RADIUS server, and PingID.

Processing steps

  1. When a user opens their Juniper IPSec or SSL VPN sign-in window and enters a username and password, their details are sent to the RADIUS Server on PingFederate through the VPN RADIUS client.
  2. PingFederate authenticates the user’s credentials with the LDAP Server as first-factor authentication.
  3. Upon LDAP authentication approval, the RADIUS server initiates second-factor authentication with PingID.
  4. The RADIUS server returns a response to the Juniper VPN. If authentication is denied or an error occurs, the user's VPN window displays an error message.