Setup Procedure of HKUVPN with Multi-Factor Authentication (MFA) for macOS

1. Prerequisite

  1. MFA authentication (MFA) is required for accessing the HKUVPN service.
  2. Only the Microsoft Authenticator App or SMS (Phone Text) are supported as sign-in methods for logging into the HKUVPN service. The phone call method is NOT compatible with HKU VPN. Please refer to the appendix for instructions on changing your default sign-in method to a supported option.
  3. Please uninstall any earlier version of Cisco Anyconnect VPN or Cisco Secure Client from your macOS before you start the following installation.

2. Configuration Procedures (to be done once only)

The following steps are illustrated using macOS 13.

  1. Download the VPN client for macOS from here.
  2. (Optional step) Depending on your browser setting, your computer may automatically mount the dmg to your desktop. To manual mount the setup disk, double click the cisco-secure-client-*.dmg file and a new volume disk will appear on your desktop.

    installation

  3. Double click the volume disk and click cisco-secure-client-*.pkg to start the installation process.

    Double click the volume disk and click cisco-secure-client-*.pkg to start the installation process.

  4. Click the Continue button.

    Click the Continue button.

  5. Click the Continue button.

    Click the Continue button.

  6. Click the Agree button to accept the license terms.

    Click the Agree button to accept the license terms.

  7. Click the Install button.

    Click the Install button.

  8. Depending on your computer settings, you may be asked to allow the installation of VPN client. If the following dialogue box is shown, type the username and password of your macOS in the Username and Password fields respectively. Click the Install Software button.

    Click the Install Software button.

  9. Click the Close button to complete the installation.

    Click the Close button to complete the installation.

  10. Authorise Cisco Secure Client in System Extension
    • After installing Cisco Secure Client, click Open System Settings when you encounter the System Extension Blocked pop-up.

      After installing Cisco Secure Client, click Open System Settings when you encounter the System Extension Blocked pop-up.

    • Click the Allow button adjacent to the message stating that the system software from the application “Cisco Secure Client – Socket Filter” has been blocked from loading.

      Click the Allow button adjacent to the message stating that the system software from the application "Cisco Secure Client - Socket Filter" has been blocked from loading.

    • Type the username and password of your macOS in the Username and Password fields respectively. Click the Modify Settings button.

      Type the username and password of your macOS in the Username and Password fields respectively. Click the Modify Settings button.

    • click Allow button when the “Cisco Secure Client – Socket Filter” Would Like to Filter Network Content pop-up appears.

      click Allow button when the “Cisco Secure Client – Socket Filter” Would Like to Filter Network Content pop-up appears.

3. Connection Procedures

  1. Navigate to Finder, select “Go” from the top menu, and then click on “Applications”

    Navigate to Finder, select "Go" from the top menu, and then click on "Applications"

  2. The VPN Client is installed in /Applications/Cisco/Cisco Secure Client. Double click Cisco Secure Client to launch the VPN client.

    The VPN Client is installed in /Applications/Cisco/Cisco Secure Client. Double click Cisco Secure Client to launch the VPN client.

  3. Enter  vpn2fa.hku.hk and click Connect button.

    Enter vpn2fa.hku.hk and click Connect button.

  4. Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and click OK button.

    Enter your HKU email address (UID@hku.hk or UID@connect.hku.hk) and PIN in the Username and Password fields respectively and click OK button.

  5. (i) For users who choose Microsoft Authenticator App as the default sign-in method (The most common method):
    • Open the Microsoft Authenticator app on your mobile device.
    • Retrieve the One-time password (OTP).

      Retrieve the One-time password (OTP).

    (ii) For users who choose SMS (Phone Text) as the default sign-in method:

    • You will receive an SMS containing the One-time password (OTP) on your registered phone number.
    • The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

      The OTP is valid for 3 minutes from the time it is sent. Retrieve the OTP from the SMS.

  6. Enter the 6-digit One Time Password (OTP) in the Answer box and click Continue.

    Enter the 6-digit One Time Password (OTP) in the Answer box and click Continue.

  7. After successful connection, a VPN Logo with padlock will appear.

    After successful connection, a VPN Logo with padlock will appear.

  8. Click the VPN icon and click Disconnect to disconnect from HKUVPN Server.

    Click the VPN icon and click Disconnect to disconnect from HKUVPN Server.

Appendix: (Optional Step) Updating the Default Sign-in Method in MFA

  1. Visit your Microsoft 365 account settings at https://myaccount.microsoft.com/
  2. Sign in using your HKU credentials.
  3. Go to the “Security info” section.
  4. Set “App-based authentication – Notification” as your default sign-in method under the section titled “You’re using the most advisable sign-in method where it applies.”

    Set "App-based authentication - Notification" as your default sign-in method under the section titled "You’re using the most advisable sign-in method where it applies."
1
0