You are here

Setup Procedure of HKUVPN with 2-Factor Authentication (2FA) for Mac OS X

1. Prerequisite
2. Configuration Procedures
3. Connection Procedures


1. Prerequisite

  1. With effect from 4 January 2016, 2-factor authentication (2FA) by making use of HKU Portal UID/PIN and a one-time password is required for accessing the HKUVPN service. You can register to use 2FA through the online form-
  2. Staff (except visiting, honorary and hourly-paid staff who can use alternate email address only) can choose to receive the token code either through a registered alternate email address or a Mobile App.

  3. Students and departmental account holders will receive the token code via their registered alternate email address.

  4. For staff who chooses to use Mobile App, please follow the procedure at http://www.its.hku.hk/documentation/guide/infosec/2fa/app-token to install the Mobile App.

  5. Please uninstall any earlier version of Cisco Anyconnect VPN client before you start the following installation.

2. Configuration Procedures (to be done once only):

The following steps are illustrated using Mac OS X version 10.10.

  1. Download the VPN client from HKU Portal.

    • Login HKU Portal (https://hkuportal.hku.hk).
    • Type "vpn" in the search field.
    • Click the link “Download HKUVPN Client”.
    • Click the download link of VPN client for Mac.
  2. (Optional step) Depending on your browser setting, your computer may automatically mount the dmg to your desktop. To manual mount the setup disk, double click the anyconnect-<VERSION>.dmg file and a volume disk labeled with AnyConnect-<VERSION> will appear on your desktop.

    double click on the installer

  3. Double click the volume disk AnyConnect-<VERSION> and then click AnyConnect.pkg to start the installation process.

     click AnyConnect.pkg

  4. Click Continue button.

    installation page

  5. Click Continue button.

    license terms

  6. Click Agree button to accept the license terms.

    agree license terms

  7. Check “VPN” package only and uncheck other packages including “Web Security”, “AMP Enabler”, “Diagnostics and Reporting Tool”, “Posture” and “ISE Posture", "Network Visibility" and Umbrella Roaming Security", then click Continue button.

    Check VPN package

  8. Click Install button.

    start installation

  9. Depending on your computer settings, you may be asked to allow the installation of VPN client. If the following dialogue box is shown, type the username and password of your Mac in the Username and Password fields respectively. Then click Install Software button.

    type your password of mac machine

  10. Click Close button to complete the installation.

    installation complete

3. Connection Procedures

  1. Select Go and choose Applications.

    Applications

  2. The VPN Client is installed in /Applications/Cisco/Cisco Anyconnect Secure Mobility Client. Double click Cisco Anyconnect Secure Mobility Client to launch the VPN client.

    run vpn client

  3. Enter vpn2fa.hku.hk and click Connect button.

    input server address

  4. Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click OK button.

    login with your HKU Portal UID and PIN

  5. (i) Applicable to staff/students who choose EMAIL TOKEN

    You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.

    email contain otp

    (ii) Applicable to staff who choose APP TOKEN

    Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

    Note: For installation of the mobile app, please refer to http://www.its.hku.hk/documentation/guide/infosec/2fa/app-token.

    On Android devices- On iOS devices-
    • Open FortiToken Mobile.

      FortiToken Mobile

    • Open FortiToken.

      FortiToken

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • App token will be retrieved.

      app token

    • App token will be retrieved.

      app token

  6. Enter the 6-digit One Time Password in the Answer box and click Continue.

    input your otp

  7. After successful connection, a VPN Logo with padlock will appear.

    connection success

  8. Click the VPN icon and click Disconnect to disconnect from HKUVPN Server.

    disconnect vpn