Hi Matt,
You were inquiring about 2FA for external myFileGateway users; commenting that RSA is a little costly.
I discovered a passage in IBM's 2FA authentication that I'm hoping can assist you. It's located at the following URL:
https://cloud.ibm.com/docs/account?topic=account-types
At the above stated IBM Web-site, there's a great deal of discussion on 2FA authentication options. Since clarification was needed for me on "external myfileGateway," I decided to point you, hopefully in the right direction.
My research has taken me to IBM's section on 2FA authentication for external, 3rd party authentication options.
What I discovered under external authentication is that there are two options; both requiring a monthly charge. I recommend calling around and conducting comparison shopping.
Symantec and phone-based authentication (as a 2FA option) is available by IBM. Notwithstanding, the administrator would have to order the services for a user and enable use for them from the user details page.
Additionally, I found a section on the same page that states, "MFA for all users" (IBMid and supported IDPs). This section references individual users who utilize an IBMid or an external identity provider (IDP). I don't know which category you fall in as a user, but options under this category include:
1. E-mail based MFA (utilizing a security passcode via e-mail).
2. TOTP MFA (using TOTP).
3. U2F MFA (utilizing a hardware security key).
You might want to check with IBM to ascertain whether your user case meets the qualifying criteria to utilize at least two of the authentication options stated above.
Again, additional information is available at:
https://cloud.ibm.com/docs/account?topic=account-types
I hope this was helpful.
Sincerely,
Yvonne
------------------------------
Yvonne R. McGinnis
DevOps (hopeful), Systems Administration
Obama Foundation, Chicago
Chicago Cato, Illinois
773-886-5579
------------------------------
Original Message:
Sent: Thu January 14, 2021 06:51 AM
From: Matt Wales
Subject: 2FA for External MyFileGateway users
Hi all,
Has anyone managed to implement 2-Factor Authentication (OTP, or otherwise) for external-facing MyFileGateway sign-on?
I am aware RSA can be used - but this will be costly as our existing RSA service is only used for internal staff, and we do not store external users in our AD (we use a separate LDAP instance), so a whole new RSA CAS tenant would be required.
Before we rule anything else out, has anyone used another product/package/service for this?
Thanks to Richard for his ongoing help also :)
------------------------------
Matt Wales
------------------------------
#DataExchange
#filetransfer