MFA / 2FA for Omada Cloud

MFA / 2FA for Omada Cloud
MFA / 2FA for Omada Cloud
2020-05-15 20:26:18
Model: OC200
Hardware Version:
Firmware Version:

Hi there,

 

As I've been working through a medium sized PoC/PoV deployment I came across a security gap in the Omada Cloud offering.

Is MFA / 2FA functionality on the roadmap for the OC200 / software controller and the cloud remote managemnt?

A similar setup to how Ubiquiti does it would be great! (via an authenticator app or WebAuthN).

This would be a great addition!

 

Thanks!

8
8
#1
Options
43 Reply
Re:MFA / 2FA for Omada Cloud
2020-05-15 23:40:30

@WirelessForEver Hi!  Yes that would be nice to have. I am testing the OC200 and a couple TPLink AP's compared to Ubiquiti I have been using for years.  I am trying to find a solution much better than their hardware.... been going downhill for sure in last 3 years......

2
2
#2
Options
Re:MFA / 2FA for Omada Cloud
2020-05-16 00:34:38 - last edited 2020-05-16 00:40:52

@Doc2485 

 

You are thinking on the exact same lines as me!

Hopefuly TP-Link learns from Ubiquit's success with their long term and continous feature / firmware releases!

 

If these little things can just be added with future releases...

 

The hardware performance and quality of this new Omada line is awesome.

 

0
0
#3
Options
Re:MFA / 2FA for Omada Cloud
2020-05-16 00:39:45

@WirelessForEver Yes we are thinking on the same page!!!  Been using their stuff for 15 years and I feel they have NO QA anymore and I cannot run my business with those type of failures per week and that amount of stress it gives us on worrying......

 

Yes so far my testing has went well with TPlink... it doesnt have all the bells and whistles but I just want it to work and be solid.  YES if TPlink would do things right and this is the perfect time for them to get ALOT of new clients if they do it correctly and learn from all their mistakes!!!!

 

smiley

1
1
#4
Options
Re:MFA / 2FA for Omada Cloud
2020-05-16 00:49:36

@Doc2485 

 

You're so right - we're 100% on the same page.

Take a look at my post history if you're curious on any of the problems I've found so far while I've been doing my eval.

0
0
#5
Options
Re:MFA / 2FA for Omada Cloud
2020-05-16 00:54:41

@WirelessForEver Yes history doesnt look to bad to me.  I am wanting TPLink to do the same SDN so all hardware is managed in the OC200 just like Unifi has now.  I think its coming out but no ETA?  Speed wise TPlink little behind on radios like the Airmax ones.  I am looking for solid routers for sure..... Unifi routers are just totally junk in my book.

1
1
#6
Options
Re:MFA / 2FA for Omada Cloud
2020-05-16 02:02:56

@Doc2485 Pretty impressed with this little router:

 

TP-Link Load Balance Broadband Router TL-R470T+ V2

https://www.youtube.com/watch?v=YDUfP8a5zNY

 

1
1
#7
Options
Re:MFA / 2FA for Omada Cloud
2020-07-15 19:49:08

@WirelessForEver It really is a must to be included. Ransomware is now targeting MSP's because once they get in the MSP, they have access to all the companies that they have access to.

1
1
#8
Options
Re:MFA / 2FA for Omada Cloud
2020-09-03 19:54:05

@WirelessForEver

I would really appreciate it if 2FA worked; so i will only use local login and not use the cloud controller.
1
1
#9
Options
Re:MFA / 2FA for Omada Cloud
2020-10-29 01:28:39

I just setup the OC200 with a couple EAP245v3 APs at home. Works amazing.

 

Big disappointment on the lack of 2FA for cloud login. Exposing a wifi network to the cloud on an auth model that is susceptible to brute force attacks is irresponsible.

 

I'm shocked that it's not an option, so it's disabled for now which limits this solutions remote management capabilities without a VPN connection.

 

If they overlook such a fundamental security requirement, what else is missing?

4
4
#10
Options
Re:MFA / 2FA for Omada Cloud
2020-10-29 20:43:24 - last edited 2020-10-29 20:43:39

Thanks for supporting me on this everyone!

 

If TP-Link won't do MFA I'd even be happy with allowing us to configure our own IDP via SAML 2.0 / ODIC and do MFA that way... e.g. Okta, Azure AD or Duo + another IDP.

0
0
#11
Options