Safeguard integration with Defender

Hi Mahmoud,

1. Yes SPP supports adding a Radius Server as secondary authentication for user login to SPP and Defender is a Radius Server.

2. SPS also supports adding a AA Plugin for Radius which can be configured to point to Defender to add OTP on SSH or RDP sessions proxied via SPS.

Thanks!

Hello Tawfiq,

Does SPS portal access support Defender MFA authentication?

As I'm trying to create new Radius login option

- PAP authentication protocol

- Authorization backend : LDAP

but still can't access, what should additional requirements please?

Hi Mahmoud,

SPS Web UI portal does support Radius as a login option which can be pointed to Defender correct.

The login prompt in SPS is not currently designed for multiple prompts (if you are trying to enter AD password separately from token response) so one way this would work for MFA currently is if you use a Defender Policy such as AD password with Token (so that the user would type both the AD password and token in the same password field line) which I was able to test successfully. 

I created a separate Defender Access node with different port example 400 and using SamAccountName for the user id

Point SPS to Defender and that radius port in step above and add all other configurations in Access node such as the DSS server and members plus the policy of AD Password with token in First method followed by None in second method

In SPS side you also need to have an AD group of which the user is a member of added under User & Access Control > Appliance Access > here you can add the AD group and grant the rights for what the user has access to in the SPS Web UI.

Thanks!

Many thanks Tawfiq,

It worked using (AD Password with token) policy.

Many thanks Tawfiq,

It worked using (AD Password with token) policy.