This article guides you through the steps to enable MFA in Ziti Edge Tunnel (ZET) for Linux. Learn more about ZET for Linux here.
Note: This guide was written for Ubuntu 22.04. The configuration steps may vary in other Linux environments.
Step 1: Create an Endpoint
To create an Endpoint, click here.
Step 2: Download and install Ziti Edge Tunnel for Linux & enroll your identity
To install and enroll ZET in Linux, click here.
Step 3: Run ZET
Run ZET using the command below. This command needs privileged access, so you might need to use sudo before the command.
./ziti-edge-tunnel run --identity MFALinuxEP.json
Step 4: Verify ZET status
Open a new terminal and check the MFA status using the below command. As shown below, "MfaEnabled":false indicates that MFA is not enabled yet.
Step 5: Enable MFA
Enable MFA on the respective identity to get the secret in "dev&secret" as shown below. Add this secret to any TOTP app, such as Google Authenticator or Microsoft Authenticator, to create an account in the TOTP app.
./ziti-edge-tunnel enable_mfa -i MFALinuxEP.json
Step 6: Authenticate with MFA
Use the MFA token from the TOTP authenticator app to authenticate the identity for 2-step verification.
The command syntax is given below:
./ziti-edge-tunnel verify_mfa -i MFALinuxEP.json -c <Token>
After successful authentication, you can see the status as connected.
Step 7: Verify ZET status
After successful authentication, check the status of the tunnel using the below command. The MfaEnabled status has now changed from false to true, as shown below: MfaEnabled:true.
Step 8: Verify MFA in MOP
To verify the status, log in to the console >> go to endpoints and click on the endpoint MFALinuxEP >> click on the data in the top left corner. You can see that MFA is active in the posture data.
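The status checks in Steps 4 and 7 can be automated so that a host with any identity still at "MfaEnabled":false is flagged. The script below is an added example, not code from this guide or from the Ziti project, and it goes beyond the single identity used here by checking every identity in the output. Assumptions: the status output has been saved as text containing a JSON document, and each identity object has a "Name" field next to "MfaEnabled" (only the "MfaEnabled" key appears in this guide).

```python
import json
import sys

# Constructed sample of status output; the real layout may differ. Only the
# "MfaEnabled" key comes from the guide, "Name" is an assumed field.
SAMPLE_STATUS = '''status response:
{"Success": true, "Data": {"Identities": [
  {"Name": "MFALinuxEP", "MfaEnabled": true},
  {"Name": "LegacyEP", "MfaEnabled": false}
]}}'''

def extract_json(text):
    """Return the first JSON value embedded in text, skipping any log prefix."""
    decoder = json.JSONDecoder()
    for pos, ch in enumerate(text):
        if ch in "{[":
            try:
                return decoder.raw_decode(text, pos)[0]
            except json.JSONDecodeError:
                continue
    raise ValueError("no JSON document found in status output")

def find_mfa_states(node, found):
    """Walk the document and collect (name, enabled) for every MfaEnabled key."""
    if isinstance(node, dict):
        if "MfaEnabled" in node:
            # Only a JSON boolean true counts; "true" as a string does not.
            found.append((node.get("Name", "<unnamed>"), node["MfaEnabled"] is True))
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            find_mfa_states(child, found)
    return found

def identities_without_mfa(status_text):
    """Names of identities whose MfaEnabled flag is not exactly true."""
    states = find_mfa_states(extract_json(status_text), [])
    if not states:
        # Fail closed: output without the flag means MFA was not verified.
        raise ValueError("status output contains no MfaEnabled field")
    return [name for name, enabled in states if not enabled]

if __name__ == "__main__":
    # Audit a saved status file if one is given, else the constructed sample.
    real_input = len(sys.argv) > 1
    text = open(sys.argv[1]).read() if real_input else SAMPLE_STATUS
    missing = identities_without_mfa(text)
    print("MFA not enabled:", ", ".join(missing) or "none")
    sys.exit(1 if real_input and missing else 0)
```

When run against a saved status file, the non-zero exit code lets a cron job or configuration-management check alert on tunnels that are running without MFA.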