Hi, I setup SSL/VPN MAG6610 + SendQuick Conexa for 2FA authentication. In MAG6610 I configured the radius server pointing to sendQuick and configure the realms to use sendquick as the authentication server. The problem is when I tried to login using my AD ccount, there is no access challenge page appears when I login, but i received the sms for the OTP until the login error says "username/password was invalid". I tried to login to the old system and seems no issue with my credentials. this is an upgrade from SA4000 series to MAG6610 with the same system configurations inside... from the user logs in Juniper sslvpn, it says that the sendquick was unreacheble.. I've check the connections between the two boxes but seems no issues, there is no firewall policy that blocks the traffic between them. Is there any special configuration for 2FA in MAG6610? I could not see any documents configuring MAG6610 using 2FA with sendquick. I just use the reference guide to configure SA series with sendquick. Please advice.
Windows Pulse supports two factor, just as it does on OSX, IOS, etc. You are most definitely not limited to certs.
The MAG and your old SA4000 are functionally the same from a code perspective. So if it worked on the SA4000 it should most certainly work on the MAG. I'm guessing you checked all the basic stuff like making sure you can ping, the shared secret is matching on both sides, etc.
Have you done a packet capture?
Perhaps I misspoke. What I meant to say was Pulse Desktop does do 2 factor. It most definitely can not do two factor with SAML as the 2nd factor.
I had thought we were told certs were the only 2nd factor that could be used, but perhaps that is not true.
I've a similar problem with SA6500 and Junos Pulse (mobile and desktop)... but via normal browser it works fine.
In my case... It doesn't show the challenge, but accept it, after user+passwd was validated with sucess.