support Posted September 28, 2018 Report Share Posted September 28, 2018 We've had a customer request the ability to have a second two factor authentication option to be available to be used when SAML2 is the primary option. Currently SAML2 only works on it's own and an example of this feature would be you could choose SAML2 with Google Authenticator. If you think this is a feature you would like to see in Passwordstate, please cast your vote! Regards, Support. Link to comment Share on other sites More sharing options...
Sarge Posted September 28, 2018 Report Share Posted September 28, 2018 +1 Link to comment Share on other sites More sharing options...
Christopher Posted October 1, 2018 Report Share Posted October 1, 2018 +1 Link to comment Share on other sites More sharing options...
Jeffi Posted November 26, 2018 Report Share Posted November 26, 2018 +1 Any developments with this feature please? Link to comment Share on other sites More sharing options...
support Posted November 26, 2018 Author Report Share Posted November 26, 2018 Hi Jeffi, Sorry, but we have not had any time to work on this feature request. Possibly in the new year at some stage. Regards Click Studios Link to comment Share on other sites More sharing options...
Jim Posted December 4, 2018 Report Share Posted December 4, 2018 are we still allowed to bump? If yes, +1; if no, humble apologies for spam and please delete. Link to comment Share on other sites More sharing options...
bepo Posted January 17, 2019 Report Share Posted January 17, 2019 Hello, i would like to see a second 2 factor option in general. Sometimes our users forget their phones at home and can´t use passwordstate. I would be nice to enable a second 2 factor option like mail or sms for this case. Kind regards and thank you for a great product Link to comment Share on other sites More sharing options...
support Posted January 18, 2019 Author Report Share Posted January 18, 2019 Hello Bepo, Maybe you could use a User Account Policy for this, and when users forget their phone, add them to the User Account Policy which is using a different authentication method. Regards Click Studios Link to comment Share on other sites More sharing options...
Jeffi Posted January 18, 2019 Report Share Posted January 18, 2019 Hi Bepo You could allow us of the GAuth plugin with Chrome. It should only used on the basis it was for "exceptional" user access when their phone was lost or where a user cannot get mobile coverage for example. It's not the best approach to MFA as it introduces some potential areas of additional exposure and could be argued that it isn't true MFA not being independent of the desktop/browser. So I would add some additional controls such as client-side cert and only allowing access to the Passwordstate service via an established VPN - but that VPN service would also probably need a non-phone-based MFA (e.g. Direct Access or use a Yubikey/RSA token) as that's the problem you are trying to workaround. Link to comment Share on other sites More sharing options...
bepo Posted January 23, 2019 Report Share Posted January 23, 2019 Hello, thank you for your help. Account policys require an admin action. This is a bad way if you want to have a minimum ticket queue. Microsoft, Google etc. allowing to choose a second factor. You can choose to receive e.g. an e-mail, if your phone is lost. Link to comment Share on other sites More sharing options...
support Posted February 18, 2019 Author Report Share Posted February 18, 2019 Hi All, We will have an option for this in the next build - due in a few days. Regards Click Studios Link to comment Share on other sites More sharing options...
support Posted February 26, 2019 Author Report Share Posted February 26, 2019 Hi All, As of build 8627, you can now select an additional authentication option, after SAML authentication is complete - see screenshot below. Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts