Features overview

Last updated 11 days ago

Remote Access with WireGuard® VPN 2FA/MFA:

  • Multi-Factor Authentication using our desktop client

  • multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)

  • multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/pfSense/OPNsense

  • import your current WireGuard server configuration (with a wizard!)

  • easy device setup by users themselves (self-service)

  • automatic IP allocation

  • kernel (Linux, FreeBSD/OPNsense/pfSense) & userspace WireGuard support

  • dashboard and statistics overview of connected users/devices for admins

defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.

Identity Management:

  • OpenID Connect based SSO

  • External OpenID providers for login/account creation (Google/Microsoft/Custom)

  • LDAP (tested on OpenLDAP) synchronization

  • nice UI to manage users

  • Users self-service (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.)

  • Multi-Factor/2FA Authentication:

    • Time-based One-Time Password Algorithm (TOTP - e.g. Google Authenticator)

    • WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, FaceID, TouchID, ...)

    • Email tokens

Account Lifecycle Management:

  • Secure remote (over the internet) user enrollment

  • User onboarding after enrollment

  • Self-service for password reset

YubiKey Provisioning

  • YubiKey hardware keys provisioning for users with one click

Integrations

  • Webhooks & REST API

Built with Rust for portability, security, and speed