Multi factors authentication

Contents

What is a Multi factors authentication?

There are 3 kinds of authentication factors:

A Multi factors authentication is the combination of 2 factors. Example: login + password + email one time password = MFA

BUT a strong authentication is the combination of 2 different kinds of factors.
The previous example is not a strong authentication
Example: login + password + mobile phone application one time password = strong authentication

Existing 2nd factors on Trustelem

Trustelem factors, used in addition to the password, are:

mfa.png

Notes:

Possible authentications depending on the protocols

Web logging - Admin page + SAML / OpenID Connect applications

The user provides his Trustelem login + password, then the 2nd factor.
If he has multiple 2nd factors, he can choose to use another one:

LDAP applications

The LDAP protocol is not designed to do MFA. But with Trustelem, there are 2 ways of doing it:

Radius applications

Radius authentications have lot of possibilities:

Setup

To setup the allowed factors, , go on Trustelem admin page, Security settings and Authentication factors

The first part, Manage authentication factors, has 2 parameters: Login, and User can reset token authfactors.PNG

Login parameter

For a chosen factor, you can activate the option login for all users or for specific users.
When it's done:

User can reset token parameter

For a chosen factor, you can activate the option User can reset token for all users or for specific users.
When it's done, the defined users can use their dashboard to reset this factor:

https://mydomain.trustelem.com/#security

mfa3.png

When you have enabled the chosen factors, you can start the enrollment.

Manual enrollment using dashboard

This has to be done by a Trustelem administrator enroll1.PNG

Manual enrollment using email

This has to be done by a Trustelem administrator. You can send the enrollment link to Trustelem Primary Email or choose another one. enroll2.PNG

Enrollment campaign

mfa2.png

Create an access-rules for MFA

If you already have users and applications, you can now create access-rules in order to force multi factors authentication.
You can find the detail using the URL: access rules


Revision #17
Created 1 July 2022 08:24:56 by WALLIX Admin
Updated 24 October 2023 16:12:32 by WALLIX Admin