Forum Discussion

han5rt8d_255517's avatar
han5rt8d_255517
Icon for Nimbostratus rankNimbostratus
Oct 11, 2016

Thanks, Troy! Appreciate the response.

 

Question regarding your project: How many login steps do you require users to authenticate prior to accessing the resource? We are facing the issue when users are taken to the challenge response (two-step) page as the webpage does not render the challenge statement (ex.: enter OTP here xyz).

 

We were able to use the Advanced section to customize our initial login page but we're seeing that customization is moot and broken in light of the secondary step.

 

Have you done this as well?

 

  • Troy_Murray_196's avatar
    Troy_Murray_196
    Icon for Cirrus rankCirrus
    Oct 12, 2016

    We have our password and MFA on the same page, although I've thought about separating them out, we haven't yet.

     

  • han5rt8d_255517's avatar
    han5rt8d_255517
    Icon for Nimbostratus rankNimbostratus
    Oct 12, 2016

    Interesting. Can I ask what you're using as the MFA platform?

     

    Our AP requires a successful initial auth prior to taking the user to the MFA page. These are two separate webpages that the user pass through prior to accessing the resource.

     

    Your implementation sounds like you have one webpage and has three fields for:

     

    Username: ____________

     

    Password: ______________

     

    MFA code: ______________

     

    If so, how does the system know which system (ex.: initial auth w/ AD; secondary w/ MFA system) to auth the user against?

     

  • Troy_Murray_196's avatar
    Troy_Murray_196
    Icon for Cirrus rankCirrus
    Oct 12, 2016

    I'm not comfortable listing our MFA solution on this public forum at this time. However I can share this, our authentication page looks similar to what you have above and you list two example auths, so I'll use those.

     

    You could create a logon page that has all three fields. Upon submission the first macro could be your Active Directory authentication. If that Active Directory authentication macro is successful then that success branch could next be your MFA authentication macro. If that one is also success then the user could be presented the resources.