For the VPN2VLAN accesses at KIT, which can be set up for special requirements, e.g. access to specially protected networks, authentication with a second factor can also be activated on request. One example of this is access to SAP. The use of the second factor has become much more convenient since the end of January. It is now possible to transfer the second factor directly via a field provided for this purpose in the VPN client (illustration) instead of appending it to the password separated by a comma. The new configuration file kit-vpn2vlan-2fa.ovpn, which can be downloaded from the SCC VPN website, must be used for the input field for the second factor to be displayed. The new configuration file is already available on the workstations managed centrally by TCS.
This change significantly improves user-friendliness, as the password can now be saved in the client and only the second factor needs to be entered when logging in. The old method of appending the second factor to the password also remains valid, so that users have the choice of which method they prefer or can switch to the new method at will.
In the future, there are plans to evaluate other authentication methods such as OpenID Connect (OIDC) in the VPN in order to further improve security and user-friendliness.
Further information: Instructions for using the second factor in the VPN