Idea ID: 2875075

NAM Admin Console access missing basic security controls of Multi-Factor authentication for itself

Elfstone Elfstone
Status : New Idea

While NAM allows for MFA within the end-user experience for reverse proxied websites as well as SAML/OAuth federations, the very administrative interface of NAM offers nothing but simple username + password.

For a security company, Micro Focus / NetIQ shouldn't be creating security-focused solutions such as NAM without the most obvious and basic requirement of MFA on any and all administrative interfaces.

This lack of multi-factor authentication on a mission-critical tool's administrative interface is not only an audit compliance problem for customers, but also a very real security vulnerability.