Hi Amal (from Canada :)
For a custom solution, you need the pieces below:
1) An MFA service API - an API that sends an SMS OTP to registered mobile nos.
Or if you want TOTP-based MFA where an RSA token or Google Auth token is verified, then you only need the verification service API ready in Mendix.
2) If it's SMS OTP based verification, design a page and add this page as the landing page after SAML SSO authorization is complete, so the user lands on this page.
3) On this page, generate an OTP (4 or 6 digits), then send the SMS to the user's registered phone no. as soon as the page loading is complete. You can get the user's phone from the Admin.Account entity or from the SAML POST response.
Ensure the OTP you generate has an expiry of 1 minute or so.
4) Once the user gets the SMS, he will enter it on the page in the boxes and click Submit.
5) Retrieve the OTP from the DB entity using the digits he entered and check if it is valid and not yet expired (within 1 min).
6) Then navigate/redirect the user to the correct home page based on microflow logic.
******************
If it is TOTP-based authentication, then you need a vendor-specific API or service that needs to be integrated into the Mendix app for verification. Just design a page where the user will enter the code he sees in Google Authenticator, Microsoft Authenticator or the RSA Token app, call the vendor-specific service, and upon a successful verification response from the service redirect to the correct home page.
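Steps 3 to 5 of the SMS OTP flow above, as an added example in plain Java (not part of the original answer, and not Mendix or vendor code). The class name, the in-memory map, the attempt limit, and looking up the pending code by the signed-in user rather than by the digits are assumptions of this example; in a Mendix app the logic would sit in a Java action backed by an entity.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: the map stands in for a persistent entity tied to the user.
public class SmsOtpStore {
    private static final Duration TTL = Duration.ofMinutes(1); // expiry from step 3
    private static final int MAX_ATTEMPTS = 3;                 // assumption: guess limit
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    private static final class Entry {
        final byte[] code; final Instant expiresAt; int attempts;
        Entry(byte[] code, Instant expiresAt) { this.code = code; this.expiresAt = expiresAt; }
    }

    // Step 3: draw a 6-digit code from a CSPRNG; the caller passes it to the SMS API.
    public synchronized String issue(String userId, Instant now) {
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        pending.put(userId, new Entry(bytes(code), now.plus(TTL)));
        return code;
    }

    // Step 5: look up by the signed-in user, then check expiry, attempts and value.
    public synchronized boolean verify(String userId, String submitted, Instant now) {
        Entry e = pending.get(userId);
        if (e == null || submitted == null) return false;
        if (now.isAfter(e.expiresAt) || ++e.attempts > MAX_ATTEMPTS) {
            pending.remove(userId);      // expired or too many guesses: a new code is required
            return false;
        }
        boolean ok = MessageDigest.isEqual(e.code, bytes(submitted)); // constant-time compare
        if (ok) pending.remove(userId);  // single use: a replayed code fails
        return ok;
    }

    private static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    public static void main(String[] args) {
        SmsOtpStore store = new SmsOtpStore();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        String code = store.issue("user-1", t0);
        System.out.println("in time: " + store.verify("user-1", code, t0.plusSeconds(30)));
        System.out.println("replay:  " + store.verify("user-1", code, t0.plusSeconds(40)));
        code = store.issue("user-1", t0);
        System.out.println("expired: " + store.verify("user-1", code, t0.plusSeconds(90)));
    }
}
```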
Hey Aniketh,
Thanks for the very elaborate explanation, I appreciate it.