Security

Hi, I would like to check whether is it possible to provide MFA integration using EAP-TLS certificate authentication? Is there been any documentation on this? Thank you.

Using ClearPass Onboard or using internal PKI ?

Thanks for the fast reply! We are using OnBoard.

Starting in 6.6.x you can integrate ClearPass Onboard with several MFA options Cloud MFA Providers= DUO , Kasada to name a few and also SMS as part of the Onboarding Captive portal authentication/verification workflow

Please explain your scenario further. In most cases, the authentication method is independent of MFA.

Is it possible that after EAP-TLS (certificate) authentication, prompt the user to key in another password for 2nd token authentication before the user can be connected to the network? 

Which MFA provider are you using?

We would be using RSA as the MFA provider.

Legacy RSA token 2FA unfortunately cannot be used with EAP-TLS as there is no mechanism append the PIN code.

Thanks, is there any other MFA provider that can support EAP-TLS integration?