Multi factor authentication for Connected Backup Retrieves from AMWS

Idea ID 2775770

Multi factor authentication for Connected Backup Retrieves from AMWS

About MFA:
Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. MFA requires other—additional—credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.

Idea:
Currently all retrieves from Account Management Web Site(AMWS) requires only password of the user. Since AMWS is a web-based tool for file retrieval, by implementing Multi Factor Authentication here can add an extra layer of security to authenticate validity of the user.


Business Value:
1. Enhanced Security
2. Cross product integration (like Authasas)

 

Design:
User level:
1. In AMWS, Upon login with password, a PIN or an One Time Password (OTP) which is sent by the CB server to be entered only at the time of downloading the zip or exe (My-roam expander).
2. User may receive password to his email given during registration or to his enterprise email in case of LDAP users.

Admin/Technician level:
1. Admins may configure the MFA at a Community level or at Server level.
2. A similar config page as LDAP community, can be provided to admins/technicians to integrate the MFA server with CB server.


Future Scope:
Initial scope can be confined to PIN or OTP to email. This can be extended to be send as a SMS to user mobile also.

 

1 Comment
Micro Focus Contributor
Micro Focus Contributor
Status changed to: Waiting for Votes
 
Most "Liked" Contributors
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.