IBM Security Verify

 View Only
Expand all | Collapse all

ISVA - How can we leverage Microsoft provided MFA (Text,Voice & Authenticator APP) in IBM security verify Access

  • 1.  ISVA - How can we leverage Microsoft provided MFA (Text,Voice & Authenticator APP) in IBM security verify Access

    Posted Fri December 08, 2023 12:58 PM

    Hello Team,

    just wondering for any suggestions if there are any ways to leverage Azure MFA in IBM Security Verify Access (ISVA). 

    Description -

    ISVA has the AAC poilcy which attached to SSO application resources.. when end user access any SSO apps, it prompts MFA for text message and voice. We use  third party REST API end points for messaging and call back. Now we want to replace with azure MFA as we have enough licenses.

    These users 1st factor authentication  i.e. username/password is PTA to on-premise AD. OAuth/OIDC/SAML SSO apps are integrated in ISVA. Is there any complex or simplest way to utilize the azure MFA?

    Any suggestions would be helpful.

    Thanks,

    Bipin



    ------------------------------
    Bipin Dash
    ------------------------------


  • 2.  RE: ISVA - How can we leverage Microsoft provided MFA (Text,Voice & Authenticator APP) in IBM security verify Access

    Posted Tue December 12, 2023 01:45 AM

    Hey Bipin, 

    As far as I've seen - Azure/Entra MFA doesn't have a published 'REST' based interface or any practical SDKs. All their integrations are either by OIDC or otherwise. 
    As such, unfortunately - IMO integration outside of the Microsoft world is 'messy' and custom. 
    I'm aware of a number of projects that have investigated this, but I'm not aware of a pattern used to achieve this consistently. 


    You might consider migrating to Passkeys or similar - for a better user experience? And native capabilities in IBM Security Verify Access that don't consume/need Azure licenses. 



    ------------------------------
    Philip Nye
    IBM
    Gold Coast
    ------------------------------



  • 3.  RE: ISVA - How can we leverage Microsoft provided MFA (Text,Voice & Authenticator APP) in IBM security verify Access

    Posted Tue December 12, 2023 10:28 AM

    Thank you Philip! We do have OOTB TOTP and IBM Verify Push notification. Was verifying if there are options to utilize. Initially I thought MSFT Graph QL API would be helpful but also did a check with MSFT and it won't work as per our requirement.



    ------------------------------
    Bipin Dash
    ------------------------------