Sectona Privileged Access Management (PAM) system provides inbuilt multi-factor authentication known as Sectona Multifactor Authentication.
This feature supports a one-time token delivered via the Sectona mobile app on Google Android and Apple iOS platforms, an SMS-based token, or a token delivered via email.
To configure the multifactor authentication for users, the administrator has to create a suitable user access policy with the respective MFA type and assign it to the user.
This section covers the procedure for setting up:
Sectona mobile-based OTP tokens
This token type relies on time synchronisation between the Sectona instance and the mobile application: both sides derive the OTP from the current time, so a phone whose clock has drifted will produce a token the server does not accept. If you see such time-sync failures, you can increase the tolerance time to allow for the drift.
Go to Configuration → Multi-factor authentication → Sectona Authentication and enable the App OTP option at the system level.
Define a user access policy with an option in multi-factor authentication as App OTP. The policy can be enforced at the user level.
All users with this policy will be asked to register the Sectona mobile application by scanning a QR code at first logon, which pairs the user's phone with the user's account.
SMS tokens can be sent once an SMS gateway has been configured: Sectona generates the OTP and sends it to the user's phone through the gateway. To enable SMS tokens as an additional factor for user authentication, follow the procedure below:
Go to Configuration → Multi-factor authentication → Sectona Authentication and enable the SMS OTP option at the system level.
Define a user access policy with an option for multi-factor authentication as SMS OTP. The policy must be enforced at the user level.
Go to Configuration on the navigation bar, select SMS Gateway from the sidebar, and enter the required details of your SMS gateway provider. The configuration supports integration with SMS gateways that expose a REST API.
In the Gateway URL field, enter the HTTP endpoint URL of the provider's API.
In the Method field, select the HTTP method (such as POST) that the provider's API expects for the request.
Sender ID is normally the account name set by your provider; note that it differs for transactional and promotional messages.
In the Request Data field, provide the URL or request format the provider expects for pushing an SMS to the platform.
In the Accept field, set the content type the API expects, such as URL encoded or another supported format.
In the Success Criteria and Failed Criteria fields, list the response messages that identify a successful or failed API call; Sectona matches the API response against these to determine whether the SMS was accepted.
In the Username and Password fields, provide the username and password or API key required by your provider to authenticate to the REST API.
Enable the Network Proxy field to add the desired network proxy. This is required when your Sectona Web Access component must communicate with the gateway provider over the internet. For more information, see the section Setting up a network proxy.
Enable the Active checkbox and click on Save to activate the configuration.
For email tokens, the user's email ID must be registered within the system. Once the user logs in, an OTP is sent to the registered email ID; the user must enter the OTP before access to the system is granted.
To enable Email OTP, follow these steps:
Select Configuration from the navigation bar.
Select Multifactor Authentication from the sidebar.
Click on the Sectona Authentication tab.
Choose the Email OTP from the list.
Fill in the information required.
Click on Save, and your Sectona authentication mechanism will be enabled.
Here you can also define the maximum number of unsuccessful login attempts, the OTP length, and an OTP template.
To grant a user any of the above-mentioned Sectona MFA techniques, specify it in the User Access Policy by selecting the MFA type from the drop-down list.