Configure MFA using Ziti Desktop Edge on MacOs

Checking on the steps required for this… I did have this working in the past… but have forgotten how to do this.

Steps that I am following are…

1. create MFA posture check

2. Link the posture check to a service policy

  1. Active the MFA check on Ziti Desktop Edge

However… when I get to this stage… I don’t have any options to setup the MFA…

any tips on how to do this?

What version of the Mac client are you running? It looks like you need to update it to the latest. It’ll be obvious when you do. There’ll be an mfa toggle in the upper right

I am using Version 2.24 (458).

I thought so… but for some reason… its not showing up.

Is there a change I need to make to an identity that I am missing?

You don’t see this toggle in the upper right?

in version 2.22, MFA support could be toggled on/off in the ZDE advanced settings (the gear icon in lower left corner). In versions 2.23 and 2.24 the MFA button you see in Clint’s screen shot should always be there. Can you try quitting and re-starting the app (and double checking the version from the About dialog)?

Just tried again… I must be doing something wrong

Any more tips on how to fix this?

It’s almost like the UI is stale. If you can force quit it maybe it’ll reload. Probably need @smilindave26 on this one. I don’t have enough Mac skillz to be tons if help unfortunately

1 Like

I just upgraded the MacOS over the weekend… not sure if that is causing an issue?

This is very strange. Is it possible that the ZDE app is running twice (e.g., do you see double icons for Ziti in your task bar or menu bar)?

If you go to the App Store page, does Ziti Desktop Edge still show as available for update or download?

As a final resort, try this:

  • make sure Ziti is disconnected (“Turn Ziti Off”)
  • quit the app via “Quit Ziti Desktop Edge” from the menubar
  • verify “Ziti Desktop Edge” and “PacketTunnelProvider” processes aren’t running (you can use Activity Monitor)
  • From Apple’s System Preferences/Network, select “Ziti Desktop Edge” and hit the “-” above the Lock icon (you may need to Unlock first), and make sure to push the Apply button.
  • Go to the App Store and re-install Ziti Desktop Edge

Hi All / @markamind,

The issue is one I encountered with MacOS a while back. What you’ll need to do to resolve it is the following:

  1. Disconnect and quit the ZITI Desktop Edge software. No need to uninstall it.
  2. Go into MacOS’ “system settings” and click on “network” for pre-ventura versions or “vpn” for ventura.
  3. Click the “-” icon after selecting Ziti Desktop Edge for pre-ventura versions or the “i” icon for ventura.
  4. Click “remove configuration” for ventura .
  5. Now click ZITI Desktop Edge from your apps and it will ask to reinstall the VPN configuration.

Once all that has been done, you should see the full set of toggles in the ZITI Desktop Edge.

1 Like

Perfect… that worked… I needed to remove the VPN connection which cleared the settings :slight_smile:


You’re welcome! Thanks for asking on behalf of the community.

One discovery that I have is the scenario where you lose your mobile device… that will cause you to lose access to your network.

The traditional approach is to rely on back up codes… or migrate the authenticator app to another device.

My preference instead is to simply delete the users identity and have them walk through the re-enrollment process. I find this a much simpler way for users to recover access.

Keen to learn other’s viewpoints about this… as while adding security is good… we also need to have an equally easy way to recover when users lose access

One method is self-service by the user, one method requires administrator access. That’s the difference to me. Personally I want to be in control of my own destiny in that way and prefer to have the codes as a stop gap.

This will be addressed when the 2.29 Ziti Desktop Edge for Mac release hits the App Store. PR: Show MFA controls regardless of VPN profile setting by smilindave26 · Pull Request #137 · openziti/ziti-tunnel-apple · GitHub