
 Implementing MFA Without IdP for External Maximo Users in MAS 9

Ammar Hamed posted Thu January 30, 2025 03:14 AM

We have a client who wants to implement Multi-Factor Authentication (MFA) for external users (contractors) accessing Maximo in an MAS 9 environment. Normally, we would rely on SAML authentication with an Identity Provider (IdP) that supports MFA. However, due to the client's internal policy, using an IdP is not an option.

Proposed Approach:

Since SAML authentication is not an option, we are considering adding an intermediate page between the MAS Core login page and the Maximo Manage Start Center. This page would prompt users to enter a one-time code sent to their mobile device. Once verified, they would be redirected to the Maximo Start Center.

Questions:

  1. Is this approach technically feasible in MAS 9?
  2. What is the best way to integrate this additional authentication step? Specifically, can we introduce a custom .jsp page for this purpose, and if so, how would it be implemented within the MAS framework?
  3. Are there alternative solutions within the MAS architecture that could help achieve this without using an IdP?

Any guidance, best practices, or implementation recommendations would be highly appreciated.
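An added example, not part of the original post and not MAS or Maximo code: the server-side state an intermediate one-time-code page like the one proposed above depends on, written with plain JDK classes. The class name, the `/otp` and `/startcenter` paths, and the attempt and lifetime limits are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;

// Per-session state for an interstitial one-time-code step (hypothetical, not a MAS API).
public class OtpGate {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int MAX_ATTEMPTS = 5;    // assumed policy
    private static final long TTL_SECONDS = 300;  // assumed policy
    private byte[] codeHash;   // a hash of the code, not the code itself, is kept in the session
    private Instant expiresAt;
    private int attemptsLeft;
    private boolean verified;

    // Issue a fresh 6-digit code; the caller delivers it out of band to the user's device.
    public String issue(Instant now) throws Exception {
        String code = String.valueOf(1_000_000 + RNG.nextInt(1_000_000)).substring(1);
        codeHash = sha256(code);
        expiresAt = now.plusSeconds(TTL_SECONDS);
        attemptsLeft = MAX_ATTEMPTS;
        verified = false;
        return code;
    }

    // Single use, expiring, attempt-limited, compared in constant time.
    public boolean verify(String submitted, Instant now) throws Exception {
        if (codeHash == null || now.isAfter(expiresAt) || attemptsLeft <= 0) {
            codeHash = null;   // a dead code stays dead until issue() is called again
            return false;
        }
        attemptsLeft--;
        verified = MessageDigest.isEqual(codeHash, sha256(submitted == null ? "" : submitted));
        if (verified) codeHash = null;
        return verified;
    }
    // Must run server-side on every protected request, not only on the redirect.
    public boolean allow(String path) {
        return verified || "/otp".equals(path);   // "/otp" is the hypothetical code-entry page
    }
    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        OtpGate session = new OtpGate();
        String code = session.issue(Instant.now());
        System.out.println("direct nav before code: " + session.allow("/startcenter"));
        System.out.println("fresh code accepted:    " + session.verify(code, Instant.now()));
        System.out.println("nav after verification: " + session.allow("/startcenter"));
    }
}
```

The `allow` check is the part an intermediate page alone does not provide: unless every request to the protected application consults the session's verified flag, a user who navigates straight to the Start Center URL after the first login skips the code prompt.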