Details

    • Sprint:
      AS | Iteration 10, AS | Iteration 11, AS | Iteration 12, AS | Iteration 13, AS | Iteration 14, AS | Iteration 15, Iteration 38, Iteration 39, Iteration 40, Iteration 41, Iteration 42
    • Type of Documentation:
      Deployment

      Description

      Background
      This development is part of the creation of a component that allows the activation of Multi-Factor-Authentication (from now on: MFA) in the portal. When accessing the portal using the Login UI, a second authentication factor will be requested to verify the user's identity beyond the password.

      Features
      This feature allows to activate an Timebased-OTP verifier for MFA, it only appears when MFA is already enabled. So we would have different scenarios to consider when a user logs into the portal:

      • Do not enable MFA: User will access the portal using mail/password
      • Enable MFA (and therefore activate Email OTP as a verifier): User will access the portal using mail/password and then the verification via email would be shown. The end user will be shown a screen where he/she should enter the code received in his/her mail account.
      • Enable MFA (and therefore activate Email OTP as a verifier) and configure Timebased OTP Verifier:
        • If the user has not configured in his/her Account Settings the Timebased OTP Verifier: User will access the portal using mail/password and then the verification via email would be shown
        • If the user has configured in his/her Account Settings the Timebased OTP Verifier: User will access the portal using mail/password and then he/she will be able to choose between access using the Email Verification or the Timebased Verification. By default, the Verifier with the highest order in the configuration will be shown, and we will add an option to switch to the second active Verifier. On the screen of the second active verifier there will be a link to the third one if that exists and so on.

      Steps
      As Instance Administrator, to activate this functionality there's a new option at Instance Settings - Multi-Factor Authentication. There are also several configurable fields to set up the Timebased OTP algorithm to use (we're following the actual specification: https://tools.ietf.org/html/rfc6238)
      As end user if Timebased OTP verifier has been activated, he/she will have to configure the account at Account Settings (see: LPS-114241) The end user also can remove the Timebased OTP verifier configuration.

      Code
      There are several modules to take into account for this functionality:

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              nora.szel Nóra Szél
              Recent user:
              Zsigmond Rab
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  7.3.X
                  Master