To align with the greater need for remote network access among Faculty/Staff and increased security requirements, Endicott has implemented a SonicWall Secure Mobile Access (SMA) appliance to facilitate VPN connections. The SMA appliance will utilize Okta (Endicott's Identity and Access Management platform) for authentication and access permissions and remove the need for Campus Technology to configure VPN accounts and connection profiles manually.
The instructions below outline the process for configuring the new SMA VPN on Endicott-issued Windows workstations.
- If you are part of the small group of users who had previously used the SMA VPN connection with Duo multifactor authentication, please set up your Okta account (see Prerequisites) before continuing to use the SMA VPN.
Please note: Attempting to access the SMA VPN from a non-Endicott Windows device is strictly prohibited and will lead to the termination of VPN access.
- The SMA appliance relies on Okta to authenticate VPN sessions. If you have not configured your Endicott Okta account, please follow the initial setup process outlined in the article Getting Started With Your Endicott Okta Account.
- The SMA appliance uses the SMA Connect Agent and NetExtender VPN Client applications to facilitate VPN connections on Windows devices.
Initial Connection Setup:
- Open a web browser on your Endicott-issued Windows workstation and navigate to https://vpn.endicott.edu (ideally, this should be done in your default web browser). On the "Virtual Office" welcome screen, choose "endicott.okta.com" from the "Domain" drop-down menu and click "Next."
- Your browser will redirect to the Endicott-branded Okta login page (https://endicott.okta.com). Follow the Okta prompts to complete the authentication process -- if you have an existing Okta authentication session for another application, you will automatically be authenticated. Once authentication is complete, you will be returned to the "Virtual Office" portal.
- If this is your first time connecting, your browser will display a series of prompts requesting permission to open several applications:
-
SMA Connect Agent: At the following prompt, click "Installed" to allow your browser to launch the SMA Connect Agent and continue the connection process. The SMA Connect Agent will open in the background, and your browser should remember this choice for future sessions.
-
NetExtender VPN Client: Your browser uses the SMA Connect Agent to open and configure the NetExtender VPN Client on your computer. At the following prompt, tick the "Always Allow" checkbox for your browser to launch the application and click "Open SonicWall SMA Connect Agent".
-
SMA Connect Agent: At the following prompt, click "Installed" to allow your browser to launch the SMA Connect Agent and continue the connection process. The SMA Connect Agent will open in the background, and your browser should remember this choice for future sessions.
- The NetExtender VPN Client will launch automatically, and the pop-up window will show a " Connected " status in the top right-hand corner. You will also see a connection notification in the lower right-hand corner of your screen. Once the connection has been established, you can close the NetExtender window -- the application will minimize to the Windows system tray in the lower right-hand corner of your screen.
- To disconnect from the VPN, open the NetExtender context menu by right-clicking the NetExtender icon in the Windows System Tray (see screenshot below). Click "Disconnect", located at the top of the context menu.
Connecting to the SMA VPN:
After completing the initial SMA VPN connection configuration in Mobile Connect, there are two ways to re-establish a VPN connection:
-
Option 1: Connecting via Web Browser
- Open a web browser on your Endicott-issued macOS workstation and navigate to https://vpn.endicott.edu (ideally, this should be done in your default web browser). On the "Virtual Office" welcome screen, choose "endicott.okta.com" from the "Domain" drop-down menu and click Next.
- Your browser will redirect to the Endicott-branded Okta login page (https://endicott.okta.com). Follow the Okta prompts to complete the authentication process -- if you have an existing Okta authentication session for another application, you will automatically be authenticated. Once authentication is complete, you will be returned to the "Virtual Office" portal.
- If you have previously allowed your default browser to launch the SonicWall Mobile Connect application, the application should launch and establish your connection. Once the connection has been established, Mobile Connect will show the connection status as "Connected."
-
Option 2: Connecting via Saved VPN Profile in Mobile Connect
- Ensure that the SonicWall Mobile Connect application is running on your Mac. In the Menu Bar in the top right-hand corner of your screen, click the Mobile Connect icon and select the "vpn.endicott.edu" connection profile in the drop-down menu.
- A new window will appear on your screen, asking for authentication information. Click on the Domain field and select "endicott.okta.com" from the drop-down menu. Click Login.
- The Mobile Connect application will launch your default browser (or open a new tab) and redirect to the Endicott-branded Okta login page (https://endicott.okta.com). Follow the Okta prompts to complete the authentication process -- if you have an existing Okta authentication session for another application, you will automatically be authenticated.
- Once authentication is complete, you will be redirected to a page with an "Authentication Succeeded" message (see below) and can close the browser tab/window.
- Mobile Connect will then show the connection status as "Connected."
Troubleshooting:
If you experience any issues with configuring your new VPN connection or authenticating with Okta, please open a support ticket with Campus Technology at https://endicott.freshservice.com/support/home.