# Features overview ### Remote Access with WireGuard® VPN 2FA/MFA: * [**Multi-Factor Authentication**](/1.4/features/wireguard/multi-factor-authentication-mfa-2fa.md) using our [desktop client](https://defguard.net/client) * **Multiple VPN Locations** (networks/sites) - with defined access (all users or only Admin group) * Multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location ([**high availability/failover**](/1.4/deployment-strategies/high-availability-and-failover.md)) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense * Import your current WireGuard server configuration (with a wizard!) * *Easy* device setup by users themselves (self-service) * Automatic IP allocation * Kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support * [Dashboard and statistics overview](/1.4/features/wireguard/network-overview.md) of connected users/devices for admins *Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.* ### [*Activity & Audit Logs*](/1.4/features/activity-log.md) * User event logging with detailed metadata * Advanced filtering and search by user, module, event type and time range * Role-based visibility - users can see only their events * Grouped logs by modules (Defguard, enrollment, VPN) * Real-time [log streaming](/1.4/features/activity-log/activity-log-streaming.md) to SIEM tools (Enterprise feature) ### OpenID Connect * Defguard is an internal OIDC provider for [Single Sign-On](/1.4/features/openid-connect.md). * Supports [external OpenID](/1.4/features/external-openid-providers.md) providers for user authentication. ### [Access Control List](/1.4/features/access-control-list.md) * Access rules for VPN locations * Allow or deny access based on users or groups * Changes are applied in **real time** ### Identity Management: * #### [OpenID Connect](https://openid.net/developers/how-connect-works/) based SSO * External [OpenID providers for login/account creation (Google/Microsoft/Custom)](/1.4/features/external-openid-providers.md) * LDAP (tested on [OpenLDAP](https://www.openldap.org/)) synchronization * Nice UI to manage users * Users **self-service** (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.) ### [Multi-Factor/2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) Authentication * [Time-based One-Time Password Algorithm](https://en.wikipedia.org/wiki/Time-based_one-time_password) (TOTP - e.g. Google Authenticator) * WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, Face ID, Touch ID, ...) * Email tokens ### Account Lifecycle Management: * Secure remote (over the internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment) * User [onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment) * Self-service for password reset ### Notifications * [Email notifications ](/1.4/features/notifications/setting-up-smtp-for-email-notifications.md)via SMTP * [Gateway disconnect/reconnect](/1.4/features/notifications/gateway-notifications.md) notifications * [New version](/1.4/features/notifications/new-version-notifications.md) notifications ### YubiKey Provisioning [YubiKey hardware keys](https://www.yubico.com/) provisioning for users with *one click* ### Integrations [Webhooks](/1.4/features/integrations/webhooks.md) & [REST API](/1.4/features/integrations/api-tokens.md) Build with [Rust](https://www.rust-lang.org/) for portability, security, and speed --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.defguard.net/1.4/about/features-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.