IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  ISAM 9: MFA with both RSA and Verify

    Posted Wed April 03, 2019 03:35 PM
    Is it possible to prompt RSA token for certain users and Verify for all others in ISAM 9.0.4?
    What are the options?

    ------------------------------
    Venkat
    ------------------------------


  • 2.  RE: ISAM 9: MFA with both RSA and Verify

    Posted Wed April 03, 2019 04:15 PM
    Hello,

    Have a look at the following blog post on "Branching Authentication Policies" to see how you can branch:
    https://www.ibm.com/blogs/sweeden/branching-authentication-policy-isam-advanced-access-control/

    You would have some decision logic and then a policy to complete IBM Verify and a policy to complete RSA (I'm assuming you have RSA configured in AAC rather than in Reverse Proxy for this discussion).

    How you decide which branch to take is up to you; whatever you can achieve within the JavaScript code.  You might, allow user to choose themselves or you might do it based on checking whether an IBM Verify app is registered against the account.  You could store something in the user credential during initial login (from LDAP perhaps) which you could use to make the decision... or you could set/check a persistent cookie.

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------

    Original Message


Related Content