Enrolling MFA from Ziti Edge Tunnel for Linux


This article guides you through the steps to enable MFA in Ziti Edge Tunnel (ZET) for Linux. Learn more about ZET for Linux here.

Note: This guide is written for Ubuntu 22.04. The configuration steps may vary for other Linux environments.

Step 1: Create an Endpoint

To create an Endpoint, click here.


Step 2: Download and install Ziti Edge Tunnel for Linux & enroll your identity

To install and enroll ZET in Linux, click here.


Step 3: Run ZET

Run ZET using the command below. It needs privileged access, so you might need to prefix it with sudo.

./ziti-edge-tunnel run --identity MFALinuxEP.json



Step 4: Verify ZET status

Open a new terminal and check the MFA status using the command below. In the output, "MfaEnabled":false indicates that MFA is not enabled yet.

./ziti-edge-tunnel tunnel_status



Step 5: Enable MFA

Enable MFA on the respective identity using the command below; the secret appears in "dev&secret" in the output. Add this secret to any TOTP app, such as Google Authenticator or Microsoft Authenticator, to create an account in the app.

./ziti-edge-tunnel enable_mfa -i MFALinuxEP.json



Step 6: Authenticate with MFA

Use the MFA token from the TOTP authenticator app to authenticate the identity for 2-step verification.

The command syntax is given below:

./ziti-edge-tunnel verify_mfa -i MFALinuxEP.json -c <Token>


After successful authentication, you can see the status as connected!


Step 7: Verify ZET status

After successful authentication, check the status of the tunnel using the command below. The MfaEnabled status has now changed from false to true, shown as MfaEnabled:true.

./ziti-edge-tunnel tunnel_status



Step 8: Verify MFA in MOP

To verify the status, log in to the console >> go to Endpoints and click on the endpoint MFALinuxEP >> click on the data in the top left corner. You can see MFA active in the posture data.





