6.4. Auth profiles

Auth profiles allow you to specify a set of authentication methods and parameters for users and then apply this set to various subsystems of UserGate, such as Captive portal, VPN, Web portal, and more. To create an authentication profile, go to Users and devices - Auth profiles, click Add and provide the following parameters:

Name

Description

Name

Name of the Captive profile.

Description

Description of the Captive profile.

MFA profile

A multi-factor authentication profile. This profile must be created beforehand in the MFA profiles section, if you are going to use multi-factor authentication together with a given authentication profile. MFA profiles define a delivery method for one-time passwords used in the second authentication method. For more details on how to set up MFA, please refer to the corresponding chapter below.

Important! Multi-factor authentication is compatible only with authentication methods that allow users to enter one-time passwords, i.e. methods where users explicitly enter their credentials in a web form on the login page. Therefore, multi-factor authentication is not possible for Kerberos and NTLM.

Idle time

This parameter sets a timeout in seconds after which UserGate will move a user from Known users to Unknown users if the user is inactive (i.e. no network packets are sent from their IP address).

Expiration time

This parameter sets a general timeout in seconds after which UserGate will move a user from Known users to Unknown users. After this timeout, a user will have to authorize again on the Captive portal.

Maximum auth attempts

Allowed number of failed attempts to authorize through the Captive portal before temporarily blocking a user account.

Authentication lockout time

A period of time for which a user account will be locked after exceeding the allowed number of failed attempts to authorize.

Authentication methods

Previously created authentication methods for users, e.g. through Active Directory authentication servers. If multiple authentication methods are provided, they will be used in the same order as listed in the console. When using the NTLM authentication method, it is not possible to add other authentication methods.
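
The compatibility rules and the two timeouts described in the table can be checked before a profile is applied. The following is an added example, not UserGate code or its API: the field names, the method labels ("kerberos", "ntlm", "ldap", "local") and the default values are constructed for illustration, and both timers are assumed to be enabled.

```python
from dataclasses import dataclass
from typing import List, Optional

# Methods with no login web form, so no place to enter a one-time password.
NO_OTP_METHODS = {"kerberos", "ntlm"}

@dataclass
class AuthProfile:
    # Hypothetical field names mirroring the parameters in the table above.
    name: str
    methods: List[str]                 # tried in the order listed in the console
    mfa_profile: Optional[str] = None
    idle_time: int = 900               # seconds, constructed default
    expiration_time: int = 86400       # seconds, constructed default

def lint(p: AuthProfile) -> List[str]:
    """Return findings for combinations the documentation rules out."""
    findings = []
    kinds = [m.lower() for m in p.methods]
    if "ntlm" in kinds and len(kinds) > 1:
        findings.append("NTLM cannot be combined with other authentication methods")
    if p.mfa_profile:
        findings += [f"MFA is not possible for {m}" for m in kinds if m in NO_OTP_METHODS]
    if p.idle_time >= p.expiration_time:
        # Follows from the two definitions: expiration always fires first.
        findings.append("idle time never takes effect before expiration time")
    return findings

def user_state(p: AuthProfile, login_at: int, last_packet_at: int, now: int) -> str:
    """Known or Unknown user, from the idle and expiration rules (times in seconds)."""
    if now - login_at >= p.expiration_time:
        return "unknown"               # general timeout: must authorize again
    if now - last_packet_at >= p.idle_time:
        return "unknown"               # no packets from the user's IP address
    return "known"

if __name__ == "__main__":
    # Constructed sample profile: MFA requested together with Kerberos.
    profile = AuthProfile("vpn-users", ["Kerberos", "local"], mfa_profile="totp")
    for finding in lint(profile):
        print(f"{profile.name}: {finding}")
    print(user_state(profile, login_at=0, last_packet_at=100, now=1200))
```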