All Products
Search
Document Center

VPN Gateway:[Change notice] SSL-VPN supports IDaaS EIAM 2.0 instances for two-factor authentication

Last Updated:Jun 28, 2024

Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) 1.0 instances can no longer be purchased. To improve user experience, VPN gateway allows you to use IDaaS EIAM 2.0 instances for two-factor authentication in SSL-VPN connections. You can create a VPN gateway or upgrade a VPN gateway to the latest version and associate an SSL server on the VPN gateway with an IDaaS EIAM 2.0 instance to use two-factor authentication.

Change

When you enable two-factor authentication for an SSL server, you can associate an IDaaS EIAM 2.0 instance with the SSL server.

For more information about the regions that support two-factor authentication, see Regions that support SSL-VPN features.

Impacts

You need to check whether your SSL server can be associated with an IDaaS EIAM 2.0 instance based on the creation time and upgrade time of the associated VPN gateway.

Important
  • If your SSL server has been associated with an IDaaS EIAM 1.0 instance, the SSL server is not affected and can still be used.

    However, IDaaS EIAM 1.0 instances of Free Edition and Standard Edition will be discontinued from September, 2024. We recommend that you migrate your services to IDaaS EIAM 2.0 instances by performing the following operations: Disassociate the IDaaS EIAM 1.0 instance from the SSL server, upgrade the associated VPN gateway, and then associate an IDaaS EIAM 2.0 instance with the SSL server.

  • If no IDaaS EIAM 1.0 instance is available within your Alibaba Cloud account, you can associate only an IDaaS EIAM 2.0 instance with your SSL server after you create a VPN gateway or upgrade a VPN gateway to the latest version.

Scenario

VPN gateway description (time in UTC+8)

Supported IDaaS EIAM instance

The SSL server needs to be associated with an IDaaS EIAM 2.0 instance.

The VPN gateway meets one of the conditions:

  • The VPN gateway was created after 00:00:00 on May 8, 2024.

  • The VPN gateway was upgraded after 00:00:00 on May 8, 2024.

The SSL server can be associated with an IDaaS EIAM 2.0 instance.

The VPN gateway was created before 00:00:00 on May 8, 2024.

You must upgrade the VPN gateway before you can associate an IDaaS EIAM 2.0 instance with the SSL server.

An IDaaS EIAM 1.0 instance exists within your Alibaba Cloud account and the SSL server needs to be associated with the IDaaS EIAM 1.0 instance.

The VPN gateway meets one of the conditions:

  • The VPN gateway was created after 00:00:00 on March 5, 2020.

  • The VPN gateway was upgraded after 00:00:00 on March 5, 2020.

The SSL server can be associated with the IDaaS EIAM 1.0 instance.

The VPN gateway was created before 00:00:00 on March 5, 2020.

You must upgrade the VPN gateway before you can associate the IDaaS EIAM 1.0 instance with the SSL server.

Best practices