Primary Storage

 View Only
  • 1.  MFA

    Posted Thu July 21, 2022 02:31 AM
    Hi,

    We have the Flashsystem V5035F. Anyone tried configuring the new MFA feature?

    I signed up for a trial of IBM Secure Verify and managed to configure integration with Azure even though the documentation on the matter sucks big time. After that I configured our SAN according to the SAN documentation (MFA wise) but when trying to logon using MFA we get an error saying something like:

    ibm security verify "unknown" jwt bearer sub claim. The system cannot validate the jwt bearer assertion.

    Anyone else struggling with this?

    In general I was excited when they announced MFA support, but very disappointed that it's not possible using RADIUS or SAML in order to use the Azure MFA that we already have in place.

    /Rasmus

    ------------------------------
    Rasmus Teglgaard
    ------------------------------

    #PrimaryStorage
    #Storage
    #StorageAreaNetworks


  • 2.  RE: MFA

    Posted Mon July 25, 2022 09:58 AM

    Hola Rasmus!

    If you already made sure you configured the Flashsystem as the documentation indicates in
    https://www.ibm.com/docs/en/flashsystem-5x00/8.5.x?topic=authentication-configuring-multifactor-security-verify

    Besides creating the user in the Flashsytem side, did you created the user in the IBM Security Verify instance?  (Directory>User and groups). I currently have 2 users there, one user to administrate the IBM ISV instance and another to log in to my Flashsystem



    ------------------------------
    Luis Lopez
    ------------------------------



  • 3.  RE: MFA

    Posted Mon July 25, 2022 10:03 AM
    Hi Luis,

    We use Azure-integration but yes, the user has been automatically created in ISV after the first succesful login.

    /Rasmus

    ------------------------------
    Rasmus Teglgaard
    ------------------------------