How to use OTP in Soffid
Introduction
Soffid allows administrator users to config the access authentication with OTP as the second-factor authentication (2FA). This is the way to add a extra layer of protection used to ensure the security of online accounts beyond just a username and password.
The administrator user could config the proper OTP implementations that wants to use.
To know how to config the diffent options you can visit the OTP settings page.
There are three points where OTP can be used in Soffid
- Login Federation
- Access to pages
- XACML Rules
Federation
When you are configuring Soffid as Identity Provider, on the Authentication section you could config the OTP as a second authentication factor (2FA).
You can visit the How to deploy the identity & service provider step by step page for more detailed information
Example
Frist of all, configure the OTP as a secondo factor authentication at the Identity & service providers page
Then, when users login, they must write their credentials
If the credentials written are ok, finally Soffid will ask for the 2FA
Authentication
Regarding to the access to pages, you will be able to config the specific Soffid console pages that will require OTP authentication. In addition, you will be able to config if the second-factor authentication will be required to all the users or only to users with enabled token.
You can visit the Authentication page for more information
Example
The following is an example of how for a given configuration, a user can access certain pages, or how a second authentication factor is required for the user.
Second factor authentication configuration
Soffid will require the PIN to access to the specified pages to users with a enabled token
User access
XACML
OTP can also be used at XACML Policy Management. This policies allow adding more complex and restricted rules to the authorizations.
You can visit the XACML book for more information.
Example
&&TODO&&