Client connections can be tied to a NetFoundry console session in order to prevent a client from being connected to a network when the corresponding user is not logged into the console. This allows users a second factor of authentication for their NetFoundry client.
Creating an NF Auth Session Enabled Client
To create a client with NF Auth Session enabled, first navigate to the clients page and click the plus button to add a new client. On the client form, an optional toggle labeled “Require NF Auth Session” will be present at the bottom of the form. Toggling this option to on will expand the box to show the additional field necessary for creating an NF Auth Session Enabled client. To tie the new client to a user, simply search for that users name and email in the pick list and select the user to associate the client with. Finally, click create in order to create the client.
NF Auth Session Enabled Clients can also be created with a new user. To do so, select “Add a New User” from the pick list. Doing so will display a new field where an email address can be entered. Enter the email address of the user to be invited to the console and then click create. The client will be created and the new user will be invited with read only permissions on the network level.
Enabling NF Auth Session on Existing Clients
In addition to being able to create new clients with NF Auth Session enabled, an existing client can have NF Auth Session enabled. To do so, click on an existing client to edit it. On the edit client screen, NF Auth Sessions can be toggled. From here you can add an existing user or invite a new user.
Updating a Client with NF Auth Session Enabled
A client with NF Auth Session enabled can be modified to change the user that enables the client or to disable NF Auth Session. To change the user that manages the client session, edit the client in question and either select a new existing user or selecting the option to add a new user and providing the email address for the new user.
Viewing the Status of NF Auth Sessions
The status of an NF Auth Session can be determined by looking at the manage clients page. A client with an active NF Auth Session will have a connected link icon next to its name in the clients list. This indicates that the user who authenticates the client is currently logged into the console and the client is allowed to connect to the network.
A client with a broken link icon next to its name indicates a client that is not currently being authenticated. This means that the user who authenticates the client is not currently logged into the console and the client cannot connect to the network.
A client with no link icon next to its name indicates a client that is not managed by a NF Auth Session.
Managing an NF Auth Session
To enable the NF Auth Session for clients that they authorize, a user simply needs to log into the NetFoundry console. By logging into the console the clients will automatically be connected to any service groups they are a part of via the appwans in which they are included. This can verified on the client computer by viewing the NetFoundry Client Preferences → Services Tab.
After logging in the user will be brought to a page where they can view the clients they are authenticating. From here they will be able to see which clients are activated by their session being live and how long their session has been live for.
The user’s console session will remain active for two hours with no activity. If the user is interacting with the console their session will be extended with each interaction. When the user logs out, their NF Auth Session will be terminated on logout and the endpoints they authenticate will no longer be connected to the service groups they belong to. If a user is inactive in the console for more than two hours they will automatically be logged out from their session and their client’s connections will be terminated. This can verified on the client computer by viewing the NetFoundry Client Preferences → Services Tab.
If the user closes their browser session before they are logged out of the console their session will automatically be terminated after 5 minutes with no activity.