Forum

Posts by afuller (afuller)

afuller
afuller
Posts: 6

Correct, so instead of Optional - Default Disabled, Optional - Default Required.

Your current setup for optional reads the user config and enforces it if enabled for that user. I just want a way to have default required, but be able to override and disable for a specific user.

3 yrs 2FA selective disable.
afuller
afuller
Posts: 6

The same way it knows to enforce 2FA when set to Optional, based on some key in the user config in the database?

3 yrs 2FA selective disable.
afuller
afuller
Posts: 6

Today we have 3 options for server-side 2FA

* Disabled -- As it states
* Optional -- Server checks the user, if its configured it uses it, if not, they pass.
* Required -- All users are required and must register if they don't have it.

I propose a 4th option.
* Required w/Excemption -- For special use cases, a flag in the database user 2FA config that allows the server to bypass 2FA for that user. Helpful in cases such as service accounts where automation needs to use the powershell commands without using 2FA but in an environment where security mandates everyone else as required.

3 yrs 2FA selective disable.
afuller
afuller
Posts: 6

We use credential objects and then override them with user specific settings. However when you do this you can not currently set expiry information on the object. It would be nice to be able to do so to help track expiration dates for accounts for our users. Then the object would change color like it does for the normal expiry dates.

3 yrs User Specific Settings - Object Expiry
afuller
afuller
Posts: 6

Awesome, thank you.

And unfortunately our business team chose another 2 factor, so Radius is really important, although radius usually isn't something you open to an entire network but specific devices so it would probably only work with the server solution. Which is what we have.

Thanks again!

5 yrs 2 Factor Per Session.
afuller
afuller
Posts: 6

I know RDM already supports 2 factor via google auth and yubikey, there are already many posts regarding 2 factor via radius which is what I need for my implementation as well using Toopher.

However, along with this please make an option to re-prompt 2 factor on each session open. We don't need the username / password since that's already achieved via the first login to the app, but we should be able to re-prompt 2 factor upon opening of a session, this seems like it would be easy to add to the connection options.

Thanks!
Anthony

5 yrs 2 Factor Per Session.