iVALT Two-Factor Authentication in Access Server
OpenVPN's Access Server supports integrating iVALT 2FA using a Python post-authentication script.
Access Server supports integrating iVALT Two-Factor Authentication (2FA) using a post-authentication script (PAS). This allows administrators to add an additional authentication factor to the login process, requiring users to verify their identity through iVALT before establishing a VPN session.
With iVALT 2FA enabled, users must successfully complete both:
Their primary authentication method (such as local, LDAP, RADIUS, or SAML), and
The iVALT second-factor verification.
This integration can help organizations:
Strengthen remote access security.
Meet compliance requirements.
Add an extra layer of protection beyond username and password authentication.
The iVALT verification step is enforced during the post-authentication hook, before the VPN connection is fully established.
Important
The iVALT integration is implemented using a custom post-authentication script. Administrators are responsible for maintaining and validating the script configuration. Ensure the integration is properly tested before deploying it to production environments.