Jump to content

SAML Authentication with a second two factor authentication option


support
 Share

Recommended Posts

We've had a customer request the ability to have a second two factor authentication option  to be available to be used when SAML2 is the primary option.  Currently SAML2 only works on it's own and an example of this feature would be you could choose SAML2 with Google Authenticator.

 

If you think this is a feature you would like to see in Passwordstate, please cast your vote!

 

Regards,

Support.

Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...
  • 1 month later...

Hello,

 

i would like to see a second 2 factor option in general. Sometimes our users forget their phones at home and can´t use passwordstate. I would be nice to enable a second 2 factor option like mail or sms for this case.

 

Kind regards and thank you for a great product

Link to comment
Share on other sites

Hi Bepo

 

You could allow us of the GAuth plugin with Chrome. It should only used on the basis it was for "exceptional" user access when their phone was lost or where a user cannot get mobile coverage for example. It's not the best approach to MFA as it introduces some potential areas of additional exposure and could be argued that it isn't true MFA not being independent of the desktop/browser. So I would add some additional controls such as client-side cert and only allowing access to the Passwordstate service via an established VPN - but that VPN service would also probably need a non-phone-based MFA (e.g. Direct Access or use a Yubikey/RSA token) as that's the problem you are trying to workaround.

Link to comment
Share on other sites

Hello,

 

thank you for your help. Account policys require an admin action. This is a bad way if you want to have a minimum ticket queue.

Microsoft, Google etc. allowing to choose a second factor. You can choose to receive e.g. an e-mail, if your phone is lost.

 

Bildergebnis für microsoft 2 faktor

Link to comment
Share on other sites

  • 4 weeks later...
  • 2 weeks later...
 Share

×
×
  • Create New...