Software Token for MFA

sukram

Hello,

is it possible to use the KeepassXC software token for MFA login to Access Portal or VPN Connections?

Best

james.carson

Hi @sukram

KeePassXC is a password manager. Provided you have your password stored in that system, it may be able to help you log in via your password.

If your Access Portal or VPNs are secured using AuthPoint, you will need to use the AuthPoint app on your phone. AuthPoint uses additional features (like push) that TOTP does not support. If Access Portal and your VPN are secured using something that supports using TOTP keys, you can use KeePassXC. You'll need to consult the documentation for whatever MFA service you're using as well as KeePassXC's documentation for instructions on how to import a TOTP key into that system.

The AuthPoint app is free, and supports TOTP keys -- unless you have a specific reason to use KeePassXC, I'd suggest just using the AuthPoint app. KeePassXC and AuthPoint can both accept 3rd party TOTP keys, so you're not really gaining anything by using KeePassXC.

sukram

Hello @James.carson,
Thank you for your reply.
That's a shame, I was hoping we could use KeepassXC for OTP in conjunction with AuthPoint. Similar to how it works with external hardware tokens.

We have a few employees here who don't want to install the AuthPoint app on their personal smartphones.
Best regards, sukram

james.carson

Hi @sukram

The issue with KeepassXC is that it does not support AuthPoint's specific type of tokens.

If your end users do not want to use the AuthPoint app, it is also possible to use hardware tokens (both WatchGuard branded and third party.) If you decide to go this route, please keep in mind that some authentication options (like via RADIUS for IKEv2) will only allow one method (push or OTP, not both) so you may need to set up a different access policy for those users to allow the use of OTP keys.

See:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/tokens_hardware.html