New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


RADIUS / 2 Factor Authentication PRTG Logins

Votes:

9

Your Vote:

Up

Down

I am looking to enable RADIUS authentication such that anyone who logs into the RTG web GUI is authenticated against a RADIUS server that uses a two factor authenitcation schema.

This requires PRTG to accomodate both RADIUS and not cache logon credentials from the user so they are authentication each time.

At time of writing, PRTG does not support this feature (04/04/2014), please vote if you would like to see this feature added.

authentication feature-request prtg radius two-factor wishlist

Created on Apr 4, 2014 10:23:09 AM by  Stuart Little (9) 1

Last change on Apr 4, 2014 1:27:03 PM by  Greg Campion [Paessler Support]



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Hi everyone,

this feature request has been converted into an official feature request: https://kb.paessler.com/en/topic/81138-2fa-implementation

Please read our new guide on how we want to handle requests in the future. Thanks!


Kind regards,
Stephan Linke, Tech Support Team

Created on Aug 30, 2018 11:01:50 AM by  Stephan Linke [Paessler Support]



32 Replies

Votes:

0

Your Vote:

Up

Down

This would be fantastic to have my Mi-token roped into PRTG's interface (using RADIUS). I could open my instance up to our Corporate IPs.

Created on May 23, 2014 1:47:25 PM by  Nathaniel (0) 1



Votes:

0

Your Vote:

Up

Down

Agreed. 2-factor is becoming the standard, and PRTG contains sensitive information that our customers would not want divulged.

Created on Feb 4, 2015 8:43:59 PM by  response3 (0)



Votes:

0

Your Vote:

Up

Down

I also think this would be a fantastic option as 2FA is becoming an industry standard.

Created on Mar 19, 2015 3:06:16 PM by  tkudela (0) 1



Votes:

0

Your Vote:

Up

Down

In my opinion it is becoming a standard Paessler should introduce into PRTG. I hope PRTG will introduce this feature somewhere in the near future!

Created on Apr 14, 2015 8:15:30 AM by  RoyV (110) 2



Votes:

0

Your Vote:

Up

Down

hear hear

Created on Apr 14, 2015 11:36:28 AM by  yann shukor (0)



Votes:

0

Your Vote:

Up

Down

Would love to have this implemented, my work place uses AuthAnvil for all of our enterprise clients and systems. In order to be able to access PRTG externally or from another internal network it is a minimum requirement of two factor auth. Hoping this comes in the near future!

Created on Aug 19, 2015 7:34:14 PM by  Nick McGill (0) 1



Votes:

0

Your Vote:

Up

Down

Hi there, I'll also count your wish on our feature request list.

Best regards, Felix

Created on Aug 21, 2015 12:03:19 PM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We would love 2-factor authentication for PRTG. We also use 2 FA for our Horizon View environment and Google for Work.

Created on Oct 6, 2015 6:04:30 PM by  Arnout (0) 1



Votes:

0

Your Vote:

Up

Down

We need PRTG for some Goverment Monitoring. So a 2-factor authenticantion is Menditored in our Enviorment.

Created on Dec 8, 2015 1:12:46 PM by  capo (0) 1



Votes:

0

Your Vote:

Up

Down

That would be nice. However AD integration is pretty broken, per the following limitation: "If you want to reflect changes to your AD in PRTG, you have to delete the AD user group and all members first. Then add the AD group anew. This is because PRTG does not synchronize with your AD automatically." https://www.paessler.com/manuals/prtg/active_directory_integration

Correct propagation of AD group membership changes for existing users and groups does not happen. Not immediately, not on the "hourly sync schedule" (what does that even do?), and not even once daily. Since AD users are not re-created until they log in to the PRTG GUI (and they won't receive group-based notifications until they do), this presents a problem when you need to change group membership.

Paessler development has replied that they do not consider fixing this a priority. "I hope you understand that we are not able to allocate development power into the enhancement of the AD integration within PRTG, since the big majority of our users simply is satisfied with the way it is working right now." The only way users could be satisfied with the way AD integration currently works is by only using it for password synchronization, avoiding finer-grained group-based security, and basing notifications on mail distribution lists. These imply lowered security and higher administrative overhead.

I therefore would be surprised if they could implement RADIUS/2-factor authentication and make it secure and useful.

Created on Jul 7, 2016 5:59:52 PM by  ppanon (0)



Votes:

0

Your Vote:

Up

Down

I'm afraid that there are no updates for the moment. In this knowledge base article you can see that the feature is only requested by a few customers once in a while. This would indeed be a great feature. but we try to invest our development time in features, which help as many customers as possible. This is why I do not see this feature coming in the very near future, sorry.

Best, Felix

Created on Jul 8, 2016 11:25:20 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

2FA authentication is a must-have in todays IT, if you don't use it you're leaving yourself open unnecessarily open to hacks/abuse.

Created on Dec 10, 2016 8:30:12 PM by  lasseoe (0)



Votes:

0

Your Vote:

Up

Down

As voted elsewhere, RADIUS would ease our admin overhead (compliance) validating local user accounts. Although we use a Cisco ACS which can do AAA, we now need to ask another team to integrate with their Windows AD.

Created on Nov 28, 2017 9:03:28 AM by  Jean Christophe ch6849oemsw (110) 1 1



Votes:

0

Your Vote:

Up

Down

We get more and more questions about 2fa for the webpage. The storage of information PRTG contains is enormous. In our opinion 2FA should be implemented very soon.

Created on Dec 12, 2017 8:51:12 AM by  Wizzbit (0) 1



Votes:

0

Your Vote:

Up

Down

Thanks for voting for this feature. We will consider it, stay tuned for updates.

Best regards, Felix

Created on Dec 12, 2017 9:21:27 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

This is a must have in 2018. Anyone dealing with strict compliance such as PCI, NERC CIP, etc... will require 2 factor to be able to make the business justification for using this software in their protected environments. It definitely rules out using the mobile app and any external access. To me this a basic requirement for any internet facing software these days.

Created on Jan 4, 2018 10:25:33 PM by  bb4cu (0)



Votes:

0

Your Vote:

Up

Down

2FA is something we'll look into in 2018, as per our internal roadmap. However, there's no ETA.

Thanks for your patience!


Kind regards,
Stephan Linke, Tech Support Team

Created on Jan 5, 2018 7:05:57 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I am looking to move my PRTG site to an external facing site. One of my issues preventing me from doing so is the fact that there is no 2FA. IT is 2018, with all of the breaches, and the amount of sensitive data PRTG contains, why is this not already in place? This should not just be on your internal roadmap, it should be a must for 2018!

Created on Mar 7, 2018 1:07:04 PM by  hidefcomputers (0)



Votes:

0

Your Vote:

Up

Down

I would like to echo many others on this thread. It is crazy that PRTG does not have 2FA. There is no way to have a publically facing site without it. Every organization that accepts credit cards in the US must be PCI compliant and the compliance requires 2FA for all admins. This product will is likely to have only admins logging in. Not to mention HIPPA, GBLA and the many other laws requiring secure logins in both the US and Europe.

OTP is very easy to implement and there is considerable information and code examples to make this happen in very short order.

It would be impossible to consider this product secure in today's Internet environment without this critical feature.

Created on Mar 18, 2018 5:37:22 PM by  mclift (0)



Votes:

0

Your Vote:

Up

Down

We understand that it's about time to implement this and that it's mission critical for our customers. I've pushed the request again in our internal bug tracker to make sure your voices are heard.


Kind regards,
Stephan Linke, Tech Support Team

Created on Mar 19, 2018 10:39:26 AM by  Stephan Linke [Paessler Support]

Last change on Mar 19, 2018 10:39:41 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I also need this feature.

Created on Mar 20, 2018 5:29:24 PM by  manimichart (20) 1



Votes:

5

Your Vote:

Up

Down

RequestAs a PRTG user, I'd like to use a second factor for authentication (MFA, 2FA)
TypeNew Feature
DescriptionAdditional to our normal login options, we'd like to use multi factor authentication to further secure our public facing PRTG installation.
StatusPostponed

Updates

DateNotes
22.03.2018After a long discussion, we learned that this feature is rather difficult to implement in short terms and doesn't fit into our roadmap for 2018 anymore.

In addition, it is not clear if our customers want to integrate their existing authentication systems with PRTG, or if it would be sufficient to provide a second factor through our PRTG mobile apps only. Any feedback on this is appreciated!

We will revisit the issue in 2019.

Created on Mar 23, 2018 9:13:12 AM by  Stephan Linke [Paessler Support]

Last change on Mar 23, 2018 9:26:29 AM by  Daniel Zobel [Paessler Support]



Votes:

0

Your Vote:

Up

Down

While I can understand not being able to implement RADIUS not implementing 2FA for the web interface is completely unacceptable and makes the product NOT available to the mobile apps because we cannot expose the interface to the internet without 2FA and remain complaint with the many laws requiring us to maintain data integrity in all systems. We cannot let PRTG become an avenue for network penetration. The information contain in the system is a roadmap to our infrastructure and a very valuable resource for us as well as those that would do harm to us. It leaves me dismayed that with all the news about networks being broken into that the need for this important security feature escapes those making the decisions in your organization.

The OTP (e.g. Google Authenticator) code is readily available and I am sure your engineers would have little trouble implementing it on the Web Interface and in the Mobile Apps. This would satisfy the need of most of us for compliance.

This product without 2FA is no longer compliant for most IT organizations in the US. We will be forced to make other decisions at renewal time. This is the only tool that we do not have 2FA on and access to the web interface is only allowed from a very specific network within our organization. This greatly lessens its value to us. Doubt we will be adding more sensors until this is addressed.

Created on Mar 23, 2018 3:30:58 PM by  mclift (0)



Votes:

0

Your Vote:

Up

Down

Hi Mclift,

I understand that it's frustrating from a customer perspective, but as stated in my latest reply, it's not as easy as putting

if(otpCode.calculated == otpCode.received)
  login == true; 

There's much more to it - Implementation of additional pages within the webinterface, storing the information properly, adding fallback authentication options in case the devices gets lost, modify the apps, etc.

Believe me, if it would be simple, we would've done it already. But as it requires manpower across various departments, we'll need to plan this accordingly.

I'm a fan of 2FA as well, enabling it whenever I can. But it's not that easy behind the scenes.


Kind regards,
Stephan Linke, Tech Support Team

Created on Mar 26, 2018 7:08:04 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

This is ridiculous, because PRTG lacks coding capacity you are postponing necessities? Seriously? You heard of GDPR & ISO27001?

In today's world where itendentity's are hijacked, you need central user directories (SAML/ADFS/Radius/LDAP) to authenticate, 2fa, audit and ensure identity. Thats why it's mandatory in ISO27001.

Created on Apr 30, 2018 6:41:55 AM by  Bastiaan (20) 1



Votes:

0

Your Vote:

Up

Down

I understand your frustration with this, but I can't say more than that we'll revisit this in 2019. Sorry.


Kind regards,
Stephan Linke, Tech Support Team

Created on Apr 30, 2018 7:49:22 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

As asked for several time via e-mail; we would like multifactor authentication as well. We don not understand how this is not implemented / on the roadmap for the near future.

Created on Jun 5, 2018 6:03:31 AM by  rickdohmen (0) 1



Votes:

0

Your Vote:

Up

Down

I would like to see 2FA as well. I would like to be able to open PRTG up to the outside for the mobile app, but am holding off until 2FA. Our policy is that anything publicly facing of this nature requires 2FA.

Thanks

Created on Jun 17, 2018 7:02:49 PM by  Hey_Mon_itor (0)



Votes:

0

Your Vote:

Up

Down

To all who are interested in increasing visibility for this issue: According to this post on another thread - https://kb.paessler.com/en/topic/69451-monitoring-nutanix#reply-277638 - we need to thumbs up (upvote) the first post of this thread. This is now used to increase visibility of an issue in the PRTG knowledge base.

Created on Aug 3, 2018 4:33:42 PM by  manimichart (20) 1



Votes:

0

Your Vote:

Up

Down

We also require 2FA for public-facing systems, monitoring critical infrastructure. Please add.

Created on Aug 5, 2018 4:28:00 AM by  GeekStick (0)



Accepted Answer

Votes:

0

Your Vote:

Up

Down

Hi everyone,

this feature request has been converted into an official feature request: https://kb.paessler.com/en/topic/81138-2fa-implementation

Please read our new guide on how we want to handle requests in the future. Thanks!


Kind regards,
Stephan Linke, Tech Support Team

Created on Aug 30, 2018 11:01:50 AM by  Stephan Linke [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hey,

i've createad a Feature Request about SSO/MFA please check this and upvote if you agree: https://kb.paessler.com/en/topic/82629-open-prtg-sso-with-ad-or-adfs-including-2fa

Thanks! Ben

Created on Nov 27, 2018 12:56:12 PM by  ben (61) 1



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.