Multi-factor authentication (MFA) for VPN access

Prevent unauthorized access to enterprise networks with our MFA solution to protect VPN logons.

Thank you for downloading!

Your download should begin automatically in 15 seconds. If not, click here to download manually.

  • Please enter a business email id
    By downloading you agree to processing of personal data according to the Privacy Policy.

Enterprise virtual private networks (VPNs) enable employees to access important resources needed to do their work, even when they're working remotely. However, if this access falls into the wrong hands, it can cause collateral damage to your network. With MFA for VPN access, you can go beyond passwords to secure VPN sessions.


Why your VPN login needs MFA

VPN connections are the gateway to all enterprise resources, so only using primitive passwords to protect such an important access point just doesn't cut it. Here are some more reasons to implement MFA for VPN logons:

  • Prevent credential theft:

    According to the Verizon 2020 Data Breach Investigations Report, 67 percent of data breaches were due to three major causes: credential theft, human errors, and social engineering attacks. When access to your VPN is protected only with a password, it's susceptible to all of these attacks. Enforcing other factors of identity verification will render stolen credentials useless.

  • Meet regulatory compliance requirements:

    MFA helps your organization stay compliant with various legal regulations including PCI DSS, HIPAA, and more.

  • Take the first step towards the Zero Trust security model:

    In a Zero Trust security model, access to resources is given only if and when required. This model can eliminate the biggest disadvantage of VPN access—having no checks on access to resources once a user has entered the network. You can configure risk-based MFA that restricts access to resources based on users' location, IP address, device used, etc.

How ADSelfService Plus VPN MFA works

ADSelfService Plus utilizes the RADIUS protocol and its request-response and challenge-response features
to implement multi-factor authentication for VPN logons. Here's how OpenVPN two-factor
authentication works through ADSelfService Plus:


A user attempts to connect to the VPN by entering their Active Directory (AD) password.


After a successful password authentication, the user has to prove their identity again through the second factor of authentication.


If the user passes this authentication method as well, they are connected to the VPN.


Supported authenticators

ADSelfService Plus trusted by


Safeguard VPN access with multi-factor authentication

The user must respond to questions like What is your login name? with an answer that matches to authenticate themselves.

Download now

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.