# Features overview ### Remote Access with WireGuard® VPN 2FA/MFA: * [**Multi-Factor Authentication**](https://docs.defguard.net/2.0/features/wireguard/multi-factor-authentication-mfa-2fa) using our [desktop client](https://defguard.net/client) * **Multiple VPN Locations** (networks/sites) - with defined access (all users or only Admin group) * Multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location ([**high availability/failover**](https://docs.defguard.net/2.0/deployment-strategies/high-availability-and-failover)) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense * Import your current WireGuard server configuration (with a wizard!) * *Easy* device setup by users themselves (self-service) * Automatic IP allocation * Kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support * [Dashboard and statistics overview](https://docs.defguard.net/2.0/features/wireguard/network-overview) of connected users/devices for admins *Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.* ### [*Activity & Audit Logs*](https://docs.defguard.net/2.0/features/activity-log) * User event logging with detailed metadata * Advanced filtering and search by user, module, event type and time range * Role-based visibility - users can see only their events * Grouped logs by modules (Defguard, enrollment, VPN) * Real-time [log streaming](https://docs.defguard.net/2.0/features/activity-log/activity-log-streaming) to SIEM tools (Enterprise feature) ### OpenID Connect * Defguard is an internal OIDC provider for [Single Sign-On](https://docs.defguard.net/2.0/features/openid-connect). * Supports [external OpenID](https://docs.defguard.net/2.0/features/external-openid-providers) providers for user authentication. ### [Access Control List](https://docs.defguard.net/2.0/features/access-control-list) * Access rules for VPN locations * Allow or deny access based on users or groups * Changes are applied in **real time** ### Identity Management: * [**OpenID Connect**](https://openid.net/developers/how-connect-works/) **based SSO** * External [OpenID providers for login/account creation (Google/Microsoft/Custom)](https://docs.defguard.net/2.0/features/external-openid-providers) * LDAP (tested on [OpenLDAP](https://www.openldap.org/)) synchronization * Nice UI to manage users * Users **self-service** (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.) ### [Multi-Factor/2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) Authentication * [Time-based One-Time Password Algorithm](https://en.wikipedia.org/wiki/Time-based_one-time_password) (TOTP - e.g. Google Authenticator) * WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, Face ID, Touch ID, ...) * Email tokens ### Account Lifecycle Management: * Secure remote (over the internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment) * User [onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment) * Self-service for password reset ### Notifications * [Email notifications ](https://docs.defguard.net/2.0/features/notifications/setting-up-smtp-for-email-notifications)via SMTP * [Gateway disconnect/reconnect](https://docs.defguard.net/2.0/features/notifications/gateway-notifications) notifications * [New version](https://docs.defguard.net/2.0/features/notifications/new-version-notifications) notifications ### YubiKey Provisioning [YubiKey hardware keys](https://www.yubico.com/) provisioning for users with *one click* ### Integrations [Webhooks](https://docs.defguard.net/2.0/features/integrations/webhooks) & [REST API](https://docs.defguard.net/2.0/features/integrations/api-tokens) Build with [Rust](https://www.rust-lang.org/) for portability, security, and speed