Hi Afras,
If you pull the SCIM record for a user (make an HTTP Callout to the SCIM interface in AAC) this will include information on the authenticators that the user has registered. This code snippet might help:
    // userObj is the parsed JSON body of the SCIM user record returned by the callout
    var mmfaData = userObj['urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Authenticator'];
    if (mmfaData != null) {
        var authenticators = mmfaData.authenticators;
        var userPresenceMethods = mmfaData.userPresenceMethods;
        var fingerprintMethods = mmfaData.fingerprintMethods;
        // Trace each list so the registered methods can be inspected
        IDMappingExtUtils.traceString("authenticators : " + JSON.stringify(authenticators));
        IDMappingExtUtils.traceString("userPresenceMethods : " + JSON.stringify(userPresenceMethods));
        IDMappingExtUtils.traceString("fingerprintMethods : " + JSON.stringify(fingerprintMethods));
    }
In recent versions of Verify Access I can see that there is also a helper class, com.tivoli.am.fim.registrations.MechanismRegistrationHelper, which includes functions like getMmfaRegistrationsForUser(username).
That might be the best approach. Check out the JavaDoc for more information.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Fri October 22, 2021 12:46 AM
From: afras khan
Subject: MMFA fingerprint status of user
Hello, my scenario is to show the user only those 2FA mechanisms that he has already enrolled. But I am unable to check whether the user's biometrics are registered or not using an AAC policy. Is there any other way to do it?
------------------------------
afras khan
------------------------------
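As an added example (not code from the thread or from IBM), this is one way to turn the MMFA data read in the reply above into the list of mechanisms to offer, counting a method only when it and the authenticator it belongs to are both enabled. The per-entry fields `id`, `enabled` and `authenticator`, the function names and the sample record are assumptions; check them against a real SCIM response before relying on them.

```javascript
// Added example, not from the thread. The URN and the three attribute names come
// from the snippet in the reply; the per-entry fields "id", "enabled" and
// "authenticator" are assumptions about the record layout.
var MMFA_URN = 'urn:ietf:params:scim:schemas:extension:isam:1.0:MMFA:Authenticator';

// True if at least one method is enabled and bound to an enabled authenticator.
function hasUsableMethod(methods, activeIds) {
  return (methods || []).some(function (m) {
    return m && m.enabled === true && activeIds.indexOf(m.authenticator) !== -1;
  });
}

// Returns the MMFA mechanisms the user can actually complete, e.g. ["fingerprint"].
function enrolledMmfaMethods(userObj) {
  var mmfaData = userObj ? userObj[MMFA_URN] : null;
  if (mmfaData == null) return [];   // no MMFA registration: offer nothing

  // Ids of registered authenticators (devices) that are still enabled.
  var activeIds = (mmfaData.authenticators || [])
    .filter(function (a) { return a && a.enabled === true; })
    .map(function (a) { return a.id; });

  var offered = [];
  if (hasUsableMethod(mmfaData.userPresenceMethods, activeIds)) offered.push('userPresence');
  if (hasUsableMethod(mmfaData.fingerprintMethods, activeIds)) offered.push('fingerprint');
  return offered;
}

// Constructed sample record: the user-presence method sits on a disabled device,
// so only the fingerprint method should be offered.
var sampleUser = { userName: 'testuser' };
sampleUser[MMFA_URN] = {
  authenticators: [
    { id: 'uuid-a1', enabled: true },
    { id: 'uuid-a2', enabled: false }
  ],
  userPresenceMethods: [{ id: 'uuid-up1', authenticator: 'uuid-a2', enabled: true }],
  fingerprintMethods: [{ id: 'uuid-fp1', authenticator: 'uuid-a1', enabled: true }]
};

console.log(JSON.stringify(enrolledMmfaMethods(sampleUser)));
```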