SCHOOL-IT Archives

School Information Technology Discussion

SCHOOL-IT@LIST.UVM.EDU

Options: Use Classic View

Use Monospaced Font
Show HTML Part by Default
Show All Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Nick Gottier <[log in to unmask]>
Fri, 5 Apr 2024 11:22:32 -0400
text/plain (1614 bytes) , text/html (2742 bytes)
I would totally love to hear more on this from people since we are mostly a
Google org and only have a few windows devices and a small AD domain.

We're looking at more than just 2FA on AD. We need it for our VPN as well.
Firstlight manages our egress with Meraki. Tying 2FA to a VPN with Meraki
requires a RADIUS server for it to point to from what we understand.

We're considering Duo. I think that cost was like $3/user/month maybe?

That part seems easy enough to set up once I get there but I'm currently in
the middle of bashing my head against my desk trying to get some old
neurons from a decade ago on setting up an NPS and tying it into a CA to
fire off. Most information out there seems to be geared toward people with
knowledge a bit newer and more robust than what I have. Probably going to
be best for us to pay for a public cert since our vendors are going to be
using the VPN.

On Fri, Apr 5, 2024 at 11:11 AM Robert Wickberg <[log in to unmask]>
wrote:

> We got a "friendly reminder" from VSBIT that they would like us to be
> using 2FA for active directory for privileged accounts, which in our case
> is really only the administrator account.   For those of you that have
> implemented 2FA for AD, what did you use to do it, and, if you don't mind,
> what did it cost?
> -----
>
> Robert Wickberg
> Technology Coordinator, BAMS, BUHS, and WRCC
> 802-451-3418
>
> -----------------------------------------------------------------------
>
> Search <http://list.uvm.edu/archives/school-it.html> the SCHOOL-IT Archive
>
> Manage <http://list.uvm.edu/cgi-bin/wa?SUBED1=SCHOOL-IT&A=1> your
> Subscription to SCHOOL-IT
>


ATOM RSS1 RSS2