You are here

Setup Procedure of HKUVPN with 2-Factor Authentication (2FA) for Mac OS X

1. Prerequisite
2. Configuration Procedures
3. Connection Procedures


1. Prerequisite

  1. 2-factor authentication (2FA) is required for accessing the HKUVPN service.  
  2. Please uninstall any earlier version of Cisco Anyconnect VPN from your Mac before you start the following installation.

2. Configuration Procedures (to be done once only):

The following steps are illustrated using Mac OS.

  1. Download the VPN client for Mac from here.

  2. (Optional step) Depending on your browser setting, your computer may automatically mount the dmg to your desktop. To manual mount the setup disk, double click the anyconnect-<VERSION>.dmg file and a volume disk labeled with AnyConnect-<VERSION> will appear on your desktop.

    double click on the installer

  3. Double click the volume disk AnyConnect-<VERSION> and click AnyConnect.pkg to start the installation process.

     click AnyConnect.pkg

  4. Click the Continue button.

    installation page

  5. Click the Continue button.

    license terms

  6. Click the Agree button to accept the license terms.

    agree license terms

  7. Check “VPN” package only and uncheck other packages including “Web Security”, “AMP Enabler”, “Diagnostics and Reporting Tool”, “Posture” and “ISE Posture", "Network Visibility" and Umbrella Roaming Security".  Click the Continue button.

    Check VPN package

  8. Click the Install button.

    start installation

  9. Depending on your computer settings, you may be asked to allow the installation of VPN client. If the following dialogue box is shown, type the username and password of your Mac in the Username and Password fields respectively. Click the Install Software button.

    type your password of mac machine

  10. Click Close button to complete the installation.

    installation complete

     

    Below steps are required in MacOS 11.x (Big Sur) or later only. After the release of MacOS Big Sur, the AnyConnect VPN client must be allowed in System Extension

  11. After installing Cisco AnyConnect, click Open Security Preferences when the System Extension Blocked pop-up appears.

    System Extension Blocked

  12. Click the Lock Icon to unlock the settings for changes in Security & Privacy Window

    Security and Privacy

  13. Type the username and password of your Mac in the Username and Password fields respectively. Click the Unlock button.

    Security and Privacy 2

  14. Click Allow button next to message of System software from application “Cisco AnyConnect Socket Filter” was blocked from loading

    security and Privacy 3

3. Connection Procedures

  1. Select Go and choose Applications.

    Applications

  2. The VPN Client is installed in /Applications/Cisco/Cisco Anyconnect Secure Mobility Client. Double click Cisco Anyconnect Secure Mobility Client to launch the VPN client.

    run vpn client

  3. Enter vpn2fa.hku.hk and click Connect button.

    input server address

  4. Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click OK button.

    login with your HKU Portal UID and PIN

  5. (i) Applicable to staff/students who choose EMAIL TOKEN

    You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.

    email contain otp

    (ii) Applicable to staff who choose APP TOKEN

    Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

    Note: For installation of the mobile app, please refer to https://www.its.hku.hk/documentation/guide/infosec/2fa/app-token.

    On Android devices- On iOS devices-
    • Open FortiToken Mobile.

      FortiToken Mobile

    • Open FortiToken.

      FortiToken

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • App token will be retrieved.

      app token

    • App token will be retrieved.

      app token

  6. Enter the 6-digit One Time Password in the Answer box and click Continue.

    input your otp

  7. After successful connection, a VPN Logo with padlock will appear.

    connection success

  8. Click the VPN icon and click Disconnect to disconnect from HKUVPN Server.

    disconnect vpn