IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Hi, is it possible to implement MFA using DUO in ISAM/ISVA product? Please confirm. Any information/pointers most welcome/appreciated.
Yes you can do this with a custom InfoMap authentication mechansim. No I don't have one written. If you know the Duo APIs for transaction "kickoff" and "polling" to check if the transaction has been approved or not, then it would be fairly easy to implement.
Thank you Shane! Any pointers to get started with the essential InfoMap concepts that can help with this?
Perhaps start here: https://community.ibm.com/community/user/security/blogs/shane-weeden1/2016/11/29/an-introduction-to-the-infomap-authentication-mech
Also Google around for more, including within my blog ibm.biz/sweeden
if you're able to provide the equivalent curl commands to the APIs you need then I can probably help put a skeleton together to get you started.
Thank you Shane, most of the images are not viewable under https://community.ibm.com/community/user/security/blogs/shane-weeden1/2016/11/29/an-introduction-to-the-infomap-authentication-mech. Hoping it would add clarity if I was able to view them.
Will also look at the other articles and research on the curl commands from DUO, I think that's what you meant, right?
I have fixed the images on that post. Some time ago my blog was migrated, and during that process the image links were all messed up. I have been fixing them one-by-one as they are brought to my attention, so please let me know if you encounter any other articles with this problem that you would like to see.
And yes - if you can emulate the APIs that need to be called to perform the Duo flow, I can help translate that into Infomap capabilities.
Narayan - can you please reach out to me directly sweeden_at_au1.ibm.com to further this conversation out of band. I may be able to help here.
For anyone reading this thread later, I documented a solutions approach here:
Thanks Shane, I read it first thing this morning and have shared it with the team.
Nice blog, as always and a big help for us to get started!