
Allow multifactor when enrolling smartphone via /smartphone/enroll url directly on the smartphone.

Idea ID 2785969


An administrator of AAf should be able to add MFA for the direct smartphone enrollment URL as well.

Currently, the product (AAf 6.2) supports direct smartphone enrollment without the user needing to go to the self-enrollment portal.
The user can be provided the URL https:///smartphone/enroll, which the user opens in their smartphone (iOS, Android) browser. The browser provides the option to either install the NetIQ Auth app or enroll.
The user already has the app installed on their device and clicks on enroll. The NetIQ Auth app opens and the user is only asked to enter a username and password. (In the back end, there is no event; only a predefined chain is triggered to conduct username/password authentication only.)

A vulnerability here is that a compromised user credential can be used to enroll a smartphone which doesn't belong to the real user. This could lead to a major breach.

Attaching the smartphone enrollment process to a specific event (Authenticator management) and updating the NetIQ Auth app to support a pop-up field for another factor will rectify this issue and give customers more reasons to use the NetIQ Auth app and its push notification capability.
1 Comment
Absent Member.
When we are required to enroll 10K+ users, we need to make the process available inside and outside (4G) the network. But to validate that the user is who they say they are, the enrollment process needs to be protected externally via an MFA token (i.e. SMS or email token).