MFA (Multi Factor Authentication) / 2FA (Factor Authentication) for RA (Remote Access) users is supported in locally managed SMB appliances, either directly on the Quantum Spark appliance or with Active Directory / RADIUS acting as a relay.
Method #1: Directly on the Quantum Spark Appliance
In order to deploy MFA/2FA directly on the appliance, you will need to subscribe to a 3rd party SMS provider which uses HTTP / REST API. Once you have this, enable the service by navigating to VPN > Remote Access Blade Control and checking the "Require users to confirm their identity using two-factor authentication" box:
Next, click on "Configure..." and enter the details that were provided by the SMS provider:
Lastly, in Users & Objects > Users, you will need to configure your remote access users with the phone number or e-mail address that should receive the verification code. This phone number should include the country code:
Note: The DynamicID URL format can differ based on the SMS provider and user requirements, however a working example can look like the following:
From this example, you would replace <APIKEY> with the API Key and <PHONENUMBER> with the phone number that was provided by the SMS provider where the verification code will arrive from.
The $PHONE portion is dynamically populated with the phone number that was entered for each local user account and should be left as is.
Method #2: Active Directory or RADIUS acting as a relay
In order to deploy such a requirement, you will need to configure an authentication server, as well (AD 'Active Directory' or RADIUS), and then delegate the authentication procedure/requests to it and apply the MFA/2FA mechanism there.
If you have the same username on both AD and RADIUS, then by design the match will happen first in the AD; once AD is configured, there is no way to change the search priority or even to stop the search.
Accordingly, MFA/2FA implementation through RADIUS once AD is configured and the same username exists in both entities (AD & RADIUS) is not supported by design.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.