You can secure access to SonicWall VPNs using LDAP. Users can sign in using either the Groove.id mobile app or by receiving a voice call on their phone. If using the mobile app, they will provide their username and a blank password. When signing in, a user will need to approve the signin on their mobile phone before the signin completes. If using a voice call, users will provide their account PIN in the password box. They will receive a phone call directing them to press the number one on their phone keypad to complete the signin process.
In your Groove.id console (e.g. signin.example.com/setup) navigate to Apps.
Create a new LDAP application. Note the Server Address, Server Port, Root Binding DN.
From the SonicWall console, choose Users then Settings.
In the User Authentication method drop-down menu, select either LDAP or LDAP + Local Users.
Click Configure LDAP.
For Name or IP Address provide the value given in the Groove.id console, something like auth.groove.id.
For Port Number, choose
For Server Timeout choose
Select Give bind distinguished name.
For the Bind distinguished name provide the value from the Groove.id console. For Login Password type anything.
Check Use TLS.
Check Require valid certificate from server.
Do not check Force PAP to MSCHAPv2.
Click the Schema tab.
For LDAP Schema, choose Microsoft Active Directory.
In the Directory tab, note the value of Trees containing users, which is something like
example.com/Users. Turn this into an LDAP DN, something like
cn=Users,dc=example,dc=com. Put this value into the User Suffix field in the Groove.id console.
Choose the Test tab.
Enter a valid username or email address for User.
If you have the Groove.id mobile app set up, enter anything at all for the password. If you are using voice call authentication, enter your account PIN or password.
You will receive a notification or voice call. When you approve, your signin will complete.
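
The Directory tab step above turns a value like example.com/Users into an LDAP DN by hand. The following is an added example, not code from Groove.id or SonicWall, that does the same conversion and also handles nested paths and characters that must be escaped in a DN. The cn=/ou= choice is an assumption (the names in DEFAULT_CONTAINERS are treated as containers, everything else as an organizational unit), so check the result against your directory before entering it as the User Suffix.

```python
# Added example (not Groove.id or SonicWall code): turn a SonicWall
# "Trees containing users" value into the LDAP DN for the User Suffix field.

# Assumption: only these default AD containers directly under the domain
# are cn= entries; every other path component is treated as an ou=.
DEFAULT_CONTAINERS = {"users", "computers", "builtin"}

# Characters RFC 4514 requires to be backslash-escaped inside an RDN value.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape one attribute value per RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def tree_to_dn(tree):
    """Convert 'example.com/Users' style paths to 'cn=Users,dc=example,dc=com'."""
    domain, _, path = tree.strip().rstrip("/").partition("/")
    labels = domain.split(".")
    if not all(labels):
        raise ValueError("expected domain/path, got %r" % tree)
    rdns = []
    for depth, name in enumerate(p for p in path.split("/") if p):
        is_container = depth == 0 and name.lower() in DEFAULT_CONTAINERS
        rdns.append(("cn=" if is_container else "ou=") + escape_rdn_value(name))
    rdns.reverse()  # canonical paths run root-to-leaf; DNs run leaf-to-root
    rdns.extend("dc=" + escape_rdn_value(label) for label in labels)
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for sample in ("example.com/Users", "example.com/Staff/Remote, VPN"):
        print(sample, "->", tree_to_dn(sample))
```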