Hello there
Client VPN offers the following types of client authentication:
-Active Directory authentication (user-based)
-Mutual authentication (certificate-based)
-Single sign-on (SAML-based federated authentication) (user-based)
You will only be prompted for username/password if you are using user based authentication methods (AD or SAML)
With Active Directory authentication, clients are authenticated against existing Active Directory groups ,so clients have to enter credentials for existing AD groups.For SAML, the credentials are stored by their IdPs.
I would like to mention that using ACM and ACM Private CA for mutual authentication isn't currently supported for use with the AWS provided client for the Client VPN application[2].However you can connect using any other OpenVPN-based client application.
Reference:
[1]https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html
[2]https://aws.amazon.com/premiumsupport/knowledge-center/client-vpn-authenticate-private-ca-acm/
Relevant questions
AWS Client VPN - Notification of new client connection to another AWS service (e.g. Lambda)?
Accepted Answerasked 3 months agoAWS VPN Client on macOS - DNS not resolving
asked 5 months agoAWS CLIENT VPN > Redshift private subnet DNS Resolution fails
Accepted Answerasked a month agoClient VPN Endpoint Creation - Not Detecting Client Certificate in ACM
Accepted Answerasked 4 years agoWhat Username do AWS VPN Client need when using password-encrypted private key certificate?
asked 5 months agoHow can we connect a Sagemaker Studio user to a gitlab repo within a private VPN?
Accepted Answerasked 7 months agoUsing client vpn with Okta, session re-authenticates multiple times throughout the day
asked 4 months agocan I prevent Client VPN from setting the hostname on the client machine?
Accepted Answerasked a year agoAWS Client VPN Certs
Accepted Answerasked 3 years agoDoes VPN Client endpoint really need authorization rules?
asked 6 months ago