SDP User Doesn't Receive SMS MFA Code

When multi-factor authentication (MFA) is enabled for users, they choose to receive MFA codes through SMS on their phones. In order for this to work, the country code must precede the user's phone number or else the user will not receive the MFA code.

You can verify that the phone number includes the country code by checking the SDP Users configuration in the Cato Management Application.

VPN_General.png

SDP Users Created Through LDAP Sync

The failure to receive an MFA code over SMS is mostly seen when SDP users are imported from LDAP. As part of the LDAP sync, Cato imports the SDP user's phone number from one of two attributes:

  • mobile
  • telephoneNumber (if the mobile attribute does not exist)

It's important to populate these attributes with a phone number that includes the country code for MFA to work with SMS.

If the phone number is incorrect, fix the number in LDAP and then run another LDAP sync in the Cato Management Application. Once the LDAP sync is complete, the SDP user should start receiving MFA.

Go to Global Settings > Directory Services and click the Sync Now button to update an LDAP SDP user's phone number.

SyncNow.png

Manually Created SDP Users

If the SDP user is manually created, end users have control over the phone number that the MFA code is sent to through the Cato User Portal (https://myvpn.catonetworks.com). If these users are not receiving MFA codes and their number is incorrect in the Cato Management Application, direct them to the Cato User Portal to change their phone number.

After logging in, users can find the "View/Change 2FA Settings" link at the bottom of the page.

Change_2FA.png

Clicking that will take them to another page where they can click the "(Change Settings)" link next to 2 Factor Authentication. A pop-up window will then guide them through changing their phone number.

The phone number that the user inputs is validated and forces them to choose the country, automatically populating the country code.

 

SDP User is Not in a Supported Location

SMS MFA codes are only sent to users in these locations:

Australia Isle of Man Saudi Arabia
Austria Israel Serbia
Belarus Italy Singapore
Belgium Japan Slovakia
Bosnia and Herzegovina Kazakhstan Slovenia
Brazil Latvia South Africa
Bulgaria Lithuania South Korea
Canada Macedonia Spain
Chile Malaysia Sweden
China Mexico Switzerland
Colombia Morocco Taiwan
Croatia Netherlands Thailand
Czech Republic New Zealand Turkey
Denmark Norway U.S. Virgin Islands
Egypt Palestine Ukraine
France Peru United Arab Emirates
Germany Philippines United Kingdom
Greece Poland United States
Hong Kong Portugal Uruguay
Hungary Puerto Rico Uzbekistan
India Qatar Vietnam
Indonesia Romania  
Ireland Russia  

 

 

Was this article helpful?

0 comments

Add your comment