Body
Overview
When you log in to the VPN via a web browser or the Ivanti Secure Access app, you will be presented with the same CAS authentication screen used by most UTK applications, including MyIRIS and MyUTK. You will need to approve the Duo login to access the VPN.
VPN Client Behavior
Default Windows client and Windows Store Client
- These clients do not support two-factor authentication.
- Install the Ivanti Secure Access client from the OIT Software distribution site to continue to use the VPN after the upgrade.
Ivanti Secure Access
- Make sure you install the latest version of the Ivanti Secure Access client from the OIT Software distribution site.
- 2FA 7-day Remember Me Option:
- The Windows Ivanti Secure Access client will cache credentials and honor the 7-day Remember Me option.
- The Mac Ivanti Secure Access client does not cache credentials or honor the 7-day Remember Me option. You must enter your NetID and Password and two-factor each time you log in.
- Ivanti Secure Access supports Duo Push and Passcodes but does not work with Yubikeys.
- Logins are good for 24 hours before you must re-authenticate to the VPN.
Automated Workflows
Automated workflows are not compatible with the Central Authentication Service (CAS).
If you are currently using automated workflows, please let us know how you are using them, and which account is performing the authentication request. Submit the information online at help.utk.edu.
For Linux
You have multiple options for connecting to the VPN:
- Ivanti Secure Access client. The Ivanti Secure Access client is available as a .deb and .rpm. OIT recommends the newest version of the client, 9.1R5, available from the OIT Software distribution site.
- OpenConnect. OpenConnect is available via most OS package managers; however, a wrapper must be installed to extract the cookie after login. Download the wrapper from GitHub; the instructions are available in the README.