Getting Started with MFA for VPN

Locked computer with mobile device with key

To enhance the security of our Virtual Private Network (VPN), the Alamo Colleges District will require Multi-Factor Authentication (MFA) with a One Time Password (OTP) generated from a mobile device application. This will be used in conjunction with your active directory username and password.

Readiness Checklist

  • Submit Footprints requesting access
  • Request installation or upgrade of the FortiClient
  • Download and install the FortiToken Mobile application on your mobile device
  • Scan and fix vulnerabilities using FortiClient

Getting Started

Select each header link below to expand the section for detailed steps.

Submit Footprints requesting VPN-MFA access

Submit a Footprints request using the "MFA VPN Access Request" template for access.

Request installation or upgrade of FortiClient

You will need to request the installation (or update to version 6.4.6 or higher) of FortiClient on your device(s) by submitting a Footprints ticket or contacting your local IT Help Desk.

Download and register the FortiToken Mobile application

1. Install the FortiToken Mobile application

The FortiToken Mobile application is available on three mobile platforms: iOS, Android, and Windows.

2. Register the FortiToken Mobile application

In order to use the FortiToken Mobile app on your mobile device, you will need to activate a token that will be sent to your Alamo email by the system administrator. Once activated, you can immediately generate OTPs on your device.

FortiToken Activation Email Message

After your system administrator assigns your token, you will receive a email notification from [email protected] with a QR code attachment and an activation expiration date and time by which you must activate your token.

2.1. Notice: The emailed token will expire within 4 hours of being sent to you.

The activation email will look similar to this:

Sample email message from FortiToken Mobile with Activation Code

Before you begin, make sure your devices are set to the correct time and that you have Internet access.  

Activate Your Token

You can activate your token on the FortiToken Mobile IOS, Android, and Windows application once you receive an Activation Code via email.

This process is easiest performed with both your Alamo mailbox and FortiToken Mobile application open.

User is presented with options to either "Scan Barcode" or "Enter Manually" the token for the Fortinet Mobile application
Scan Barcode

On your device, open the email QR code attachment that was sent from [email protected].

If your mobile device supports QR code recognition, you can simply press Scan Barcode from the Fortitoken Mobile home screen and point your device's camera at the opened QR code attachment.

Successful registration will allow the token to appear in FortiToken Mobile.

Scan for vulnerabilities and correct issues using FortiClient

The vulnerability scan within FortiClient should be used to help identify and assist you with correcting issues with your device before connecting to the Alamo Colleges network through VPN.

Open FortiClient on your device and select Vulnerability Scan [1] from the menu on the left. From there you can select Scan Now [2] to scan for vulnerabilities and updates that need to be installed. Once the scan has completed, you can view the vulnerabilities that were detected. To correct these, select Fix Now [3].

User scans their device for vulnerabilities before connecting to VPN

If you do not have the ability to patch, update, or correct the detected vulnerabilities--or if you are unsure whether to proceed--please contact your local IT Help Desk before using VPN.

Connect to AlamoVPN-MFA

How to Connect to VPN with MFA
  1. Open FortiClient on your device and select Remote Access from the menu on the left.
User connects to AlamoVPN-MFA through FortiClient
  1. In the "VPN Name" field, select AlamoVPN-MFA from the drop down menu.
User selects AlamoVPN-MFA from the list of remote access connections
  1. Enter in your domain\username and computer password, then click the Connect button.
  • Your domain is associated with your location of work. There are 6 domains across the Alamo Colleges District. district, nlc, nvc, pac01, spc, sac
  • Your username is the first part of your email prior to the @alamo.edu.
User enters their Alamo Colleges credentials to gain remote access to AlamoVPN-MFA

4. From your mobile device, open FortiToken Mobile app and complete one of the following options:

  1. Press Approve on the login request message on your mobile device to bypass typing in the OTP. This will automatically connect your device to AlamoVPN-MFA. (Skip Step 5 if you select this option.)

OR 

  1. Touch the eye icon to show the token (OTP) and proceed to Step 5.

A new token (OTP) will be issued when the timer has finished, so be sure to give yourself enough time type the token into FortiClient before it expires.

  1. Back on your device, type the token (OTP) into the "Token" field [1] and click the OK button [2].

Getting Assistance with Alamo MFA for VPN

For assistance with expired tokens, please see this guide.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.