Multi-factor Authentication for External Users
OpenText Filr is an enterprise file-sharing and collaboration solution that allows users to access and share files securely from anywhere. OpenText Filr provides multi-factor authentication (MFA) for internal LDAP users and external users by integrating Filr with NetIQ Advanced Authentication (a product that provides multi-factor authentication).
OpenText Filr Advanced supports MFA for internal LDAP users, and a separate license, the Power External User License, supports MFA for external users.
Customers under maintenance for Filr Advanced or Power External Licenses have a free entitlement to Advanced Authentication Limited, which includes SMS OTP, Email OTP, TOTP and RADIUS client. Many more methods are available with the Full Advanced Authentication license.
MFA is a security mechanism that adds a layer of protection to the authentication process by requiring users to provide two or more forms of identification. This can help build trust with customers and partners and enhance the organization's brand reputation.
Advantages of using MFA for external users:
Figure 1: FILR and NETIQ integration
Steps to Integrate Advanced Authentication with FILR
Step 1: Create an SQL Repo
Figure 2: SQL repo creation
The DB host, DB name, DB user, and password are as per the Filr database setup, and the DB host value remains the same as the Filr IP for a small deployment. The above picture represents PostgreSQL; other databases such as MSSQL DB, Maria DB and MySQL DB are also supported.
Note: If MSSQL is the DB type, the User’s Id column must be changed to email address and the user’s id type must be String.
Step 2: Create a CHAIN
Figure 3: Chain creation
Note: Recommended authentication methods for external users are Email OTP and SMS OTP
https://www.netiq.com/documentation/advanced-authentication-64/server-administrator-guide/data/mail_sender.html
Note: Do not select SMS OTP alone as an authentication method. If the registered phone number is incorrect, the user might not be able to log in using Advanced Authentication; to modify the phone number in this case, use the 2nd or 3rd way mentioned below.
For SMS OTP to work, the mobile number should be added to Filr. This can be done in multiple ways.
The chain creation process can vary based on different scenarios:
When external and internal LDAP users need to have a different authentication method:
· Create a new chain (for internal LDAP users)
· Add the authentication method needed for internal LDAP users.
· Add the internal user's repo and SAVE
· Start creating a new chain (for external users)
· Add the authentication method needed for internal and external users.
· Add the external user's repo and SAVE
· Add both chains in an EVENT
When a user needs optional authentication methods to choose from:
· Create a new chain
· Add the authentication method needed
· Add all the user repos needed and SAVE
· Repeat the same for another authentication method or methods as well
· Add all the chains to the EVENT.
Step 3: Create an EVENT
Figure 5: Event creation
Step 4: Integrate Filr with NetIQ Advanced Authentication
Figure 6: Filr NetIQ page
Step 5: Modify EVENT using the Advanced Authentication Admin Console
Step 6: Log in to FILR using multi-factor authentication
Figure 7: Authentication methods
(Note: Choose Email OTP and log in to the Filr Web Client. External users can later configure their phone number so that they can use SMS OTP as well from the next login onwards.)
Figure 8: OTP page
Enter the OTP sent and the user will be successfully logged in to Filr.
Summary:
With Filr 5.0 and above, multi-factor authentication gives organizations an extra layer of security in the authentication process and reduces the risk of unauthorized access to sensitive data. MFA is an effective way to improve the security of external users accessing OpenText Filr and to meet regulatory compliance requirements while also providing convenience to users.