How to enable MFA in ZET for Linux

Introduction

This article guides you through the steps to enable MFA in Ziti Edge Tunnel (ZET) for Linux. Learn more about ZET for Linux here.

Note: This guide was written for Ubuntu 22.04. The configuration steps may vary for other Linux environments.

Step 1: Create an Endpoint

To create an Endpoint, click here.

 

Step 2: Download and install Ziti Edge Tunnel for Linux and enroll your identity

To install and enroll ZET in Linux, click here.

 

Step 3: Run ZET

Run ZET using the command below. This command needs privileged access, so you might need to prefix it with sudo.

./ziti-edge-tunnel run --identity MFALinuxEP.json


 

Step 4: Verify ZET status

Open a new terminal and check the MFA status using the command below. "MfaEnabled":false in the output means that MFA is not enabled yet.

./ziti-edge-tunnel tunnel_status


 

Step 5: Enable MFA

Enable MFA on the respective identity to get the secret, shown in "dev&secret" in the command output. Add this secret to any TOTP app, such as Google Authenticator or Microsoft Authenticator, to create an account in the app.

./ziti-edge-tunnel enable_mfa -i MFALinuxEP.json


 

Step 6: Authenticate with MFA

Use the MFA token from the TOTP authenticator app to authenticate the identity for 2-step verification.

The command syntax is given below:

./ziti-edge-tunnel verify_mfa -i MFALinuxEP.json -c <Token>


After successful authentication, you can see the status as connected!

 

Step 7: Verify ZET status

After successful authentication, check the status of the tunnel using the command below. The MfaEnabled status has now changed from false to true, and the output shows MfaEnabled:true.

./ziti-edge-tunnel tunnel_status


 

Step 8: Verify MFA in MOP

To verify the status, log in to the console, go to Endpoints, and click on the endpoint MFALinuxEP, then click on Data in the top left corner. You can see MFA listed as active in the posture data.

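The status checks in Steps 4 and 7 can be scripted so that a host with an identity still reporting "MfaEnabled":false is flagged automatically. The following is an added example, not part of the original article or of the ZET tooling; it assumes the tunnel_status output contains one JSON document, and every key name other than "MfaEnabled" (such as "Name" and "Identities") and the wrapper text in the sample are assumptions.

```python
import json
import sys

# Constructed sample of tunnel_status output. Only "MfaEnabled" comes from the
# article; the wrapper text and the other key names are assumptions.
SAMPLE_STATUS = '''received response <{"Success":true,"Data":{"Identities":[
 {"Name":"MFALinuxEP","Active":true,"MfaEnabled":true},
 {"Name":"OtherEP","Active":true,"MfaEnabled":false}]}}>'''


def extract_json(text):
    """Decode the first JSON object found in text, ignoring any wrapper text."""
    decoder = json.JSONDecoder()
    pos = text.find("{")
    while pos != -1:
        try:
            obj, _ = decoder.raw_decode(text, pos)
            return obj
        except json.JSONDecodeError:
            pos = text.find("{", pos + 1)
    raise ValueError("no JSON object found in tunnel_status output")


def mfa_report(node, found=None):
    """Walk the document and collect every object carrying an MfaEnabled key."""
    found = [] if found is None else found
    if isinstance(node, dict):
        if "MfaEnabled" in node:
            # Only a literal JSON true counts as enabled.
            found.append((node.get("Name", "<unnamed>"), node["MfaEnabled"] is True))
        for value in node.values():
            mfa_report(value, found)
    elif isinstance(node, list):
        for item in node:
            mfa_report(item, found)
    return found


def identities_without_mfa(status_text):
    """Return names of identities not reporting MFA; fail if the field is absent."""
    report = mfa_report(extract_json(status_text))
    if not report:
        raise ValueError("no MfaEnabled field present; cannot confirm MFA state")
    return [name for name, enabled in report if not enabled]


if __name__ == "__main__":
    # Pass a file holding saved tunnel_status output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATUS
    missing = identities_without_mfa(text)
    print("MFA not enabled:", ", ".join(missing) if missing else "none")
    sys.exit(1 if missing else 0)
```

The script exits non-zero when any identity lacks MFA, and raises an error instead of reporting success when the field is missing from the output.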

 

 

 
