Managed File Transfer

  • 1.  2FA for External MyFileGateway users

    Posted Thu January 14, 2021 07:06 PM
    Hi all, 

    Has anyone managed to implement 2-Factor Authentication (OTP, or otherwise) for external-facing MyFileGateway sign-on?

    I am aware RSA can be used - but this will be costly as our existing RSA service is only used for internal staff, and we do not store external users in our AD (we use a separate LDAP instance), so a whole new RSA CAS tenant would be required.

    Before we rule anything else out, has anyone used another product/package/service for this?

    Thanks to Richard for his ongoing help also  :)

    ------------------------------
    Matt Wales
    ------------------------------

    #filetransfer
    #DataExchange


  • 2.  RE: 2FA for External MyFileGateway users

    Posted Sun January 17, 2021 07:19 PM
    Hi Matt,

    You were inquiring about 2FA for external myFileGateway users; commenting that RSA is a little costly.

    I discovered a passage in IBM's 2FA authentication that I'm hoping can assist you.  It's located at the following URL:

    https://cloud.ibm.com/docs/account?topic=account-types

    At the above stated IBM website, there's a great deal of discussion on 2FA authentication options.  Since clarification was needed for me on "external myfileGateway,"  I decided to point you, hopefully in the right direction.

    My research has taken me to IBM's section on 2FA authentication for external, 3rd party authentication options.

    What I discovered under external authentication is that there are two options; both requiring a monthly charge.  I recommend calling around and conducting comparison shopping.

    Symantec and phone-based authentication (as a 2FA option) are available from IBM.  Notwithstanding, the administrator would have to order the services for a user and enable use for them from the user details page.

    Additionally, I found a section on the same page that states, "MFA for all users" (IBMid and supported IDPs).  This section references individual users who utilize an IBMid or an external identity provider (IDP).  I don't know which category you fall in as a user, but options under this category include:

    1.  E-mail based MFA (utilizing a security passcode via e-mail).
    2.  TOTP MFA (using TOTP).
    3.  U2F MFA (utilizing a hardware security key).

    You might want to check with IBM to ascertain whether your user case meets the qualifying criteria to utilize at least two of the authentication options stated above.

    Again, additional information is available at: https://cloud.ibm.com/docs/account?topic=account-types

    I hope this was helpful.

    Sincerely,

    Yvonne

    ------------------------------
    Yvonne R. McGinnis
    DevOps (hopeful), Systems Administration
    Obama Foundation, Chicago
    Chicago Cato, Illinois
    773-886-5579
    ------------------------------



  • 3.  RE: 2FA for External MyFileGateway users

    Posted Tue January 19, 2021 09:10 AM
    Matt,

    We are using 2-Factor Authentication for external MyFilegateway sign-on.  The authentication mechanism is of course external to B2B/SFG.  For HTTPS and FTPS traffic we use ID, password, and certificate from a certificate authority.  For SFTP we use ID, password and SSH keys.  We have been using this for multiple years.  B2B/SFG is already capable of doing two factor authentication outbound using ID, password and SSH keys.

    We are also exploring a solution for MyFilegateway users with software products that are similar to OKTA.  Recently had a conversation with IBM professional services and the latest version of B2B/SFG that came out around September/November (I think it's 6.1.x.x) has the built-in plugins that allow OKTA type software to work with SSP and MyFilegateway(B2B/SFG) so that single sign on works.

    ------------------------------
    Kharlon
    ------------------------------