Idea ID: 2768220

Multi factor authentication for Connected Backup Retrieves from AMWS

Status: Declined

Not planned for Connected Backup and there does not seem to be much customer demand.  Drop a note to Connected@microfocus.com if you want to discuss this.

See status update history

About MFA:
Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. MFA requires other—additional—credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.

Idea:
Currently all retrieves from Account Management Web Site(AMWS) requires only password of the user. Since AMWS is a web-based tool for file retrieval, by implementing Multi Factor Authentication here can add an extra layer of security to authenticate validity of the user.


Business Value:
1. Enhanced Security
2. Cross product integration (like Authasas)

 

Design:
User level:
1. In AMWS, Upon login with password, a PIN or an One Time Password (OTP) which is sent by the CB server to be entered only at the time of downloading the zip or exe (My-roam expander).
2. User may receive password to his email given during registration or to his enterprise email in case of LDAP users.

Admin/Technician level:
1. Admins may configure the MFA at a Community level or at Server level.
2. A similar config page as LDAP community, can be provided to admins/technicians to integrate the MFA server with CB server.


Future Scope:
Initial scope can be confined to PIN or OTP to email. This can be extended to be send as a SMS to user mobile also.

 

Tags: