If you plan to deploy only the onOn-demand Demand password based authentication in your user base using Deepnet T-Pass, then you will configure your Juniper in such way that it will use your DualShield Radius server as the primary authentication server.
Your DualShield server will be responsible for verifying both users’ AD password and oneOne-time Time passwords. There should be no secondary Secondary authentication servers.
Edit Logon Procedure
In the DualShield Management Administration Console, edit the logon procedure Logon Procedure for your Juniper VPN application.
You will need to define two logon steps: the Two Logon Steps: The first step requires users to enter their static password "Static Password" (AD password), which will also trigger the DualShield server Server to send the user’s on"On-demand Demand password". The Hence the second step will then ask users to enter their on-demand password.
Configure Juniper
...
- Users will be first asked to enter their user name User Name and AD password
- The user name and password will be submitted to the DualShield Server to be verified. When the DualShield has successfully verified the user and its password, it will generate an time-time password and send it to the user by SMS or email. The user will then be asked to enter the one-time password:
- Users will be first asked to enter their user name User Name and AD password
...