Cisco Meraki Client VPN incorporates several methods for authenticating users before they are allowed onto the network. For admins who want to incorporate an additional level of security, client VPN also allows for the use of third-party two-factor auth solutions, requiring users to go through a second authorization step.
Client VPN does not natively support two-factor auth, a third-party solution is required for this configuration. As such, please refer to your two-factor auth solution's documentation for additional information and troubleshooting.
Two-factor auth can be incorporated in one of two ways:
Both of the above methods are compliant under the PCI DSS 3.0 standard, as two-factor security for remote access.
Client VPN does not support the use of xauth, two-factor auth solutions that use xauth are not supported.
For reference, the following sites outline examples of two-factor auth that may be used with client VPN: