Sectona Privileged Access Management (PAM) system provides inbuilt multi-factor authentication known as Sectona Multifactor Authentication.

This feature supports a one-time token delivered via the Sectona mobile app on Google Android and Apple iOS platforms. It can be SMS-based or delivered via email tokens.

To configure the multifactor authentication for users, the administrator has to create a suitable user access policy with the respective MFA type and assign it to the user.

This section covers the procedure for setting up:

Sectona mobile-based OTP tokens

This tokenization technique works on time-stamping between Sectona instance and mobile application. To avoid any time-sync issues you can increase tolerance time to handle such issues.

  • Go to ConfigurationMulti-factor authenticationSectona Authentication and enable App OTP option at system level.

  • Define a user access policy with an option in multi-factor authentication as App OTP. The policy can be enforced at user level.

  • All users with this policy will be asked to register the Sectona Mobile application via QR Code registration at first logon to allow sync with respective phone to user.

SMS token

SMS Tokens can be sent if you have configured the SMS Gateway. Sectona can generate OTPs and send it over to phones. To enable SMS token as an additional factor for user authentication, follow procedures as below:

  • Go to ConfigurationMulti-factor authenticationSectona Authentication and enable SMS OTP option at system level.

  • Define a user access policy with an option in multi-factor authentication as SMS OTP. The policy must be enforced at user level.

  • Go to Configuration on the navigation bar → Select SMS Gateway from the side scrollbar and required details of SMS gateway provider. The configuration supports integration with SMS gateways supporting REST APIs.

  • In the Gateway URL field, update the standard URL based supporting HTTP request to the API.
    Example String: <https://<hostname>/rest/api/3/issue/ACME-1

  • In the Method field, you can either mention Get or Post method to cache the request .

  • Sender ID is normally the account name set by your provider. This is different for transactional and promotional messages.

  • Request Data provides a list of URL formats to push SMS to the platform.

  • In the Accept field, use the field based on settings such as URL encoded or otherwise.

  • Mention list of valid success and failed criteria messages to validate your API response in Success Criteria and Failed Criteria fields.

  • Provide username and password/key to authenticate to REST API as required by your provider in the Username and Password field.

  • Enable the Network Proxy field to add the desired network proxy. This is required when your Sectona Web Access component needs to communicate over the internet with Jira Cloud. For more information configuring Network proxy section Setting up a network proxy.

  • Enable the Active checkbox and click on Save to activate the configuration.

Email OTP

In this type of authentication, the user's email ID must be registered within the system. Once the user logs in, an OTP will be sent to the registered email ID. The user will have to enter the OTP after which access will be granted to the system.

To reach the MFA Service you need to follow certain steps:

  1. Select Configuration from the navigation bar.

  2. Select Multifactor Authentication from the sidebar.

  3. Click on the Sectona Authentication tab.

  4. Choose the Email OTP from the list.

  5. Fill in the information required.

  6. Click on Save and your Sectona authentication mechanism will be enabled.

You can define the maximum unsuccessful login attempts, OTP length and define an OTP template.

To provide the user the authority for access on any of the above-mentioned list of supported techniques in Sectona MFA, you need to provide that information in the User Access Policy and select the MFA type from the drop-down list.