Idea ID: 2875075

NAM Admin Console access missing basic security controls of Multi-Factor authentication for itself

Status: Under Consideration

We have plans to integrate the new admin console into the Unified administration console based on the identity console. The identity console already supports OSP integration and the same will come handy when the integration is done. It should come in the next phase of iManager replacement post NAM 5.1.

See status update history

While NAM allows for MFA within the end-user experience for reverse proxied websites as well as SAML/OAuth federations, the very administrative interface of NAM offers nothing but simple username + password.

For a security company, Micro Focus / NetIQ shouldn't be creating security-focused solutions such as NAM without the most obvious and basic requirement of MFA on any and all administrative interfaces.

This lack of multi-factor authentication on a mission-critical tool's administrative interface is not only an audit compliance problem for customers, but also a very real security vulnerability.