Sectona MFA

Sectona Privileged Access Management (PAM) system provides inbuilt multi-factor authentication known as Sectona Multifactor Authentication.

This feature supports a one-time token delivered via the Sectona mobile app on Google Android and Apple iOS platforms. It can be SMS-based or delivered via email tokens.

To configure the multifactor authentication for users, the administrator has to create a suitable Logon Policy with the respective MFA type and assign it to the user.

This section covers the procedure for setting up:

Sectona mobile-based OTP tokens

This tokenization technique works on time-stamping between the Sectona instance and the mobile application. To avoid any time-sync issues, you can increase tolerance time to handle such issues.

Login to Sectona and select Platform Configuration from the product navigator.
Under the Authentication section click on Multi-factor authentication → Sectona MFA and enable the App OTP option.
Define a Logon policy with an option in multi-factor authentication as App OTP.
All users with this policy will be asked to register the Sectona Mobile application via QR Code registration at first logon to allow sync with the respective phone to the user.

SMS token

SMS Tokens can be sent if you have configured the General Configuration section → SMS Gateway. Sectona can generate OTPs and send them over to phones. To enable SMS token as an additional factor for user authentication, follow the procedures as below:

Login to the system and select Platform Configuration from the product navigator.
Under the Authentication section click on Multi-factor authentication → Sectona MFA and enable the SMS OTP option at the system level.
Define a logon policy with an option for multi-factor authentication as SMS OTP.
Go to Configuration on the navigation bar → Select SMS Gateway from the side scrollbar and the required details of the SMS gateway provider. The configuration supports integration with SMS gateways supporting REST APIs.

In the Gateway URL field, update the standard URL-based supporting HTTP request to the API.
Example String: <https://<hostname>/rest/api/3/issue/ACME-1
In the Method field, you can either mention the Get or Post method to cache the request.
Sender ID is normally the account name set by your provider. This is different for transactional and promotional messages.
Request Data provides a list of URL formats to push SMS to the platform.
In the Accept field, use the field based on settings such as URL encoded or otherwise.
Mention a list of valid success and failed criteria messages to validate your API response in the Success Criteria and Failed Criteria fields.
Provide username and password/key to authenticate to REST API as required by your provider in the Username and Password field.
Enable the Network Proxy field to add the desired network proxy. This is required when your Sectona Web Access component needs to communicate over the internet with Jira Cloud. For more information, configure the Network proxy section Setting up a network proxy.
Enable the Active checkbox and click on Save to activate the configuration.

Email OTP

In this type of authentication, the user's email ID must be registered within the system. Once the user logs in, an OTP will be sent to the registered email ID. The user will have to enter the OTP, after which access will be granted to the system.

To reach the MFA Service, you need to follow specific steps:

Login to the system and select Platform Configuration from the product navigator.
Under the Authentication section click on Multi-factor authentication → Sectona MFA
Choose the Email OTP checkbox.
Fill in the information required.
Click on Save, and your Sectona authentication mechanism will be enabled.

You can define the maximum unsuccessful login attempts and OTP length and define an OTP template.

To provide the user the authority for access to any of the above-mentioned list of supported techniques in Sectona MFA, you need to provide that information in the Logon Policy and select the MFA type.