Details

    • Sprint:
      Iteration 36, Iteration 37, Iteration 38, Iteration 39
    • Type of Documentation:
      Developer

      Description

      Background
      This development is part of the creation of a component that allows the activation of Multi-Factor-Authentication (from now on: MFA) in the portal. When accessing the portal using the Login UI, a second authentication factor will be requested to verify the user's identity beyond the password.

      Features
      This feature allows to activate an IP verifier for MFA, it only appears when MFA is already enabled. So we would have different scenarios to consider when a user logs into the portal:

      • Do not enable MFA: User will access the portal using mail/password
      • Enable MFA (and therefore activate Email OTP as a verifier): User will access the portal using mail/password and then the verification via email would be shown. The end user will be shown a screen where he/she should enter the code received in his/her mail account.
      • Enable MFA (and therefore activate Email OTP as a verifier) and configure IP OTP Verifier:
      • User tries to log in from a matching MFA IP: User will access without any extra verification steps after log in
      • User tries to log in from a non-matching MFA IP: User will be able to use any of the available verifiers based on the Instance Configuration (like Email Verification)

      Steps
      As Instance Administrator, to activate this functionality there's a new option at Instance Settings - Multi-Factor Authentication. There are also several configurable fields to set up the allowed IPs from which the user will make his/her login request.

      As end user if MFA with IP verifier has been activated, when logging in to the portal, as a security measure the portal will check the IP from which the login request has been made and, if it matches the configuration, end user will be allowed to access the system without showing any message/notification.
      If the IP doesn't match the MFA Configuration, end user will be able to use any of the other available verifiers.

      Code
      There are several modules to take into account for this functionality:

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              marta.medio Marta Medio
              Reporter:
              nora.szel Nóra Szél
              Recent user:
              Zsigmond Rab
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  7.3.X
                  Master