Follow these instructions to set up code-based Multi-Factor Authentication for your SonicWall SSL VPN connection.
Pre-requisites:
These steps will need to be completed the first time you connect after it has been enabled for your organization.
- You will need an authenticator app installed on your smartphone. If you already have one, proceed to the next step.
Step-by-step Instructions:
Otherwise. download ‘Microsoft Authenticator’ app from the app store on your smart phone. Go to https://www.microsoft.com/en-us/account/authenticator or within the App Store/Play Store search for ‘Microsoft Authenticator’:
- When you attempt to log in with SSL VPN client for the first time after MFA is enabled, you will initially get the following error, this indicates that MFA has been enforced and you will need to set it up first before proceeding:
You need to bind your App for Time based One-Time password. Please go to portal login and bind it.
- Log into SSL VPN portal on your computer. The path for this will be https:// followed by what is in the SERVER box in your NetExtender client.
Note: Depending on your web browser, you may be prompted by a security page saying the connection isn’t private/secure, you will need to click Advanced and ‘Proceed to login’ or ‘Accept the Risk and Continue’
- Enter your username, password, and select the Domain (all should all be the same as what you use in NetExtender).
- After entering your Company username & password, you will be prompted with a QR code and an emergency scratch code
NOTE: Please (securely!) store the emergency scratch code as it is the only way to login without opening a ticket if the mobile device is lost or reset.
- Open the Microsoft Authenticator App on your smart phone (previously installed in step 1). The icon looks like this:
- On the first screen, you can optionally link this to a Microsoft account to store and backup your authenticators. If you do not wish to do this right now, click Skip.
- Click Add Account on the next screen.
- Select Other (Google, Facebook, etc.)

- Scan the QR code from the SonicWall login page.
Once the QR code is scanned, the Microsoft Authenticator App will update to show it added to the bottom of the list of authenticators. You should see a 6-digit OTP code that refreshes every 30 seconds.
- Paste the current code into the 2FA Code field in the SonicWall page. Click OK. This completes the binding process.
- Confirm you can access SonicWall VPN now:
Click connect. You will be prompted for Authentication. Enter the current code from your Microsoft Authenticator app.
Once this is done, you should be connected and should have the same ability to connect to resources as you had before (nothing else will have changed).
Going forward, expect to be prompted for a code from your Authenticator app each time you connect.
Troubleshooting:
- If it refuses to accept the six-digit authenticator code, make sure your phone has the correct time (within 30 seconds) and update if necessary.
- If you continue to have issues, Open a ticket with GreenLoop. (How to: Open a New Ticket)