AuthAnvil handles the MFA and SSO functions
The AuthAnvil SSO plugin has been installed as a Chrome extension
The Authy extension has also been installed, in case you decide to use OTP and manual input
The AuthAnvil Mobile Android app can be used as an alternative for push notification or OTP
This blog assumes you are knowledgeable about the typical MFA user enrollment process, and I will not detail that process, since it mimics most other MFA platforms.
The 1st step is to authenticate to the AuthAnvil portal as an administrator and craft a user group that will be bound to the app that we are securing with MFA+SSO.
In my case I have two groups of users, OWA and FML. My users are members of either group and will be authenticated via MFA and SSO for the FortiMail mailbox.
Next we craft a custom APP. My app is named "FML" but you can name yours in whatever fashion that you want & suits your needs.
Identity needs to be set and configured in the application. Take note of the "arrows"
Now an attribute needs to be set. In this case we are using User.EmailAddress for the SSO credentials.
And don't forget to bind your groups to the app. This is what places the applications on the launchpad for that user, btw.
The final application looks like this, with my default policy
Now whenever a mail user who is part of the group logs in to the AuthAnvil portal, he|she will authenticate via 1st and 2nd factor, and will be carried via SSO directly to the FortiMail user mailbox.
After MFA, the user only needs to execute the FortiMail app to log in to FortiMail.
AuthAnvil will carry the credentials for SSO into FortiMail if everything is successful.
If SSO fails, then the user must execute the actual login process for the FortiMail email account.
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \