Description

Multi-factor authentication is an architectural approach to accessing resources sequentially through multiple authentication verifiers. This Epic and all the Stories under that is about implementing that feature.

We release the Milestone 2 in DXP 7.3.

Design

• Instance Settings
• Verification Steps
• End User: authentication modals, account settings, policies
• Auditing

Stories

Milestone 1 - MVP

Goal: implement a MVP, that works already and on which we can built the additional functionalities and that we can generalize in functionality. In this iteration it is a simple Email One Time Password (OTP) verification that be simply switched on and off on instance level. No additional configuration yet.

Stories

1. System & portal instance level
   • As a System Administrator, I want to disable MFA for the whole system or for a specific portal instance with config files - LPS-102468
   • As an Instance Administrator, I want to enable and configure MFA for a portal instance - LPS-102467
   • As an Instance Administrator, I want to be able to see successful/unsuccessful attempts of authenticating by verifiers - LPS-92658
   • As an Instance Administrator, I want to be able to throttle MFA requests to prevent brute-force attack on verifiers - LPS-92659
2. Policies
   • -
3. Verifiers
   • As an End User, I want to configure Email One Time Password (OTP) verification step - LPS-101720
   • As an End User, I want to be able to sign in with Email One Time Password (OTP) verification step in my sign in process - LPS-102469
4. End user policies
   • -

Milestone 2 - Instantiated Verifier (must, current)

Goal: To implement the technical background of configuring instantiable verifiers. For now we have one built in instantiable verifier which is the Email One Time Password (OTP) verifier.

Stories

1. System & portal instance level
   • As an Omni Administrator, I do not want to have the MFA basic configuration under System Settings - LPS-109497
   • As an Instance Administrator, I want to have an option to switch off the Basic Auth Verifier on instance level when I switch the MFA on - LPS-112805
   • As an Instance Administrator, I want see if the MFA is disabled for the whole system or for one of my specific portal instances on system level - LPS-109786
   • As an Instance Administrator, I want to see description texts for the MFA configuration entries - LPS-110309
2. Policies
   • As an Instance Administrator, I want to be able to manage optional verification steps that End User can set up as an additional verifier of one verification step to sign into the portal - LPS-103015
   • As an End User, I want to be able to set up optional verifiers of a verification steps to sign into the portal with - LPS-98267
3. Verifiers
   • As an Instance Administrator, I want to configure localized e-mail template for Email One Time Password (OTP) verification step - LPS-110444
   • As an Instance Administrator, I want to configure verifiers - LPS-101717
   • As an Instance Administrator, I want to configure an Email One Time Password (OTP) verifier - LPS-89360
     • As an End User, I want to configure Email One Time Password (OTP) verification step - LPS-101720
     • Note: we used this story for pushing the existing code into master, but we need this Story here.
   • As an Instance Administrator, I want to configure a Time-based One Time Password (TOTP) verifier - LPS-86515
     • As an End User, I want to configure a Time-based One Time Password (TOTP) verification step - LPS-101744
   • As an Instance Administrator, I want to configure an IP based verifier - LPS-101746
     • As an End User, I want to configure an IP based verification step - LPS-101747
   • As a Developer, I want to create, modify verifiers programmatically and register them to the portal to make them possible to assign to MFA policies - LPS-101750
4. End user policies
   • -