2 factor authentication avail in Canada?

Similar Messages

• Is ASA integration with ISE and RSA for 2 factor authentication a valid/tested design

  Hi,
  Customer currently uses ASA to directly integrate with RSA kind of solution to provide 2 factor authentication mechanism for VPN user access.  We're considering to introduce ISE to this picture, and to offload posture analysis from ASA to ISE.  And the flow we're thinking is to have ASA interface to ISE and ISE interface to RSA and AD backend infrastructure.  And we still need the 2 factor authentication to work, i.e., customer gets a SMS code in addition to its login username and password.  I'm wondering if ASA/ISE/RSA/AD integrated solution (and with 2 factor authentication to work) is a tested solution or Cisco validate design?  Any potential issue may break the flow?
  Thanks in advance for any input!
  Tina

  Hi,
  I have an update for this quite broad question.
  I have now came a bit further on the path.
  Now the needed Radius Access Attribute are available in ISE after adding them in
  "Policy Elements" -> "Dictionaris" -> "System" -> "Radius" -> "Cisco-VPN3000".
  I added both the attribute 146 Tunnel-Group-Name which I realy need to achive what I want(select diffrent OTP-backends depending on Tunnel Group in ASA) and the other new attribute 150 Client-Type which could be intresting to look at as well.
  Here the "Diagnostics Tools" -> "Generel tools" -> "TCP Dump" and Wireshare helped me understand how this worked.
  With that I could really see the attributes in the radius access requests going in to the ASA.
  Now looking at a request in "Radius Authentication details" I have
  Other Attributes:
  ConfigVersionId=29,Device Port=1025,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=SMHI-TG-RA-ISESMS,CVPN3000/ASA/PIX7.x-Client-Type=,CPMSessionID=ac100865000006294FD60A7F,.....
  Ok, the tunnel group name attribute seems to be understood correct, but Client-Type just say =, no value for that.
  That is strange, I must have defined that wrong(?), but lets leave that for now, I do not really need it for the moment being.
  So now when I have this Tunnel-Group-Name attribute available I want to use it in my Rule-Based Authentication Policy.
  Problem now is that as soon as I in an expression add a criteria containing Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name matches .* (just anything), then that row does not match any more. It still work matching against NAS-IP and other attributes.
  What could it be I have missed?
  Best regards
  /Mattias

• 2-factor authentication

  Hi,
  Has anybody ever exposed the live portal to the internet and if so have you implemented enhanced security such as 2-factor authentication e.g. SecurID, challenge cards on top of normal user/pwd?
  ... or something similar to the online banking such as confirming a random sequence of data from a security word?
  Thanks in advance,
  Paul Snyman

  Hi Paul,
  to achieve this, you can make use of JAAS (Java authentication and authorization services). you may want to have a look at a teched session which covers this topic in more detail:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/leveraging external authentication based on industry standards.pdf
  The session is also available as a recorded session:
  https://www.sdn.sap.com/sdn/elearning.sdn?class=/public/eclasses/teched04/SCUR352.htm
  Regards,
  Patrick Hildenbrand

• Sun VDI - Two Factor Authentication

  Dear Colleagues,
  The simple way to implement two factor authentication is by replacing the vdaclient.jar. We are working on RSA SecurID authentication with SSO support, by using the Windows password integration feature of RSA SecurID. The RSA Authentication Manager (version 6+) has a field for caching the Windows password, normally used by the Windows Authentication Agent (6.1+). These agent API methods are not available in the JAVA agent API nor the c API for Solaris, but we will work around this for our new RSA Authentication Agent for Sun VDI.
  If I understand the broker service correctly, this will not be a solution for direct RDP connections. Users can only be challenged with their AD username and password, the broker will test the credentials using Kerberos and if successful proxy a RDP connection on behalf of the client.
  Does anyone know a possible alternative? Does a roadmap exist for full two factor authentication support on the broker?
  Best Regards,
  Arno Staal
  Divider B.V.

  Hi
  Thanks for your response. I don't think I made myself clear. We run UAG 2010 and have not implemented Direct access. We now have many users wishing to access our internal resources. Our internal info security bods have demanded we provide a two factor authentication
  methodology. Direct access need at least Windows 7 enterprise on the client. We cannot afford the licencing. Nor can we currently afford windows 2012 cals. What I was after was a method of implementing two factor authentication on our current UAG
  portal. I have access to a radius server. I am not an expert on UAG the guy who was has left.
  Regards 

• Second factor authentication via mail

  hello
  I would like to know whether it is possible with NW SSO to send an automated mail with a randomly generated code as part of the 2 factor authentication scheme
  thanks in advance and best regards
  Michele

  Hello Michele,
  The solution is available as part of the two-factor authentication with OTP (SAP Single Sign-On 2.0) and requires an access policy development. See more details about access policies as part of the SAP Single Sign-On 2.0 here:Access Policies Implementation Guide - SAP Library
  Best regards,
  Donka Dimtirova

• DirSync and Multi-Factor Authentication Server

  Can DirSync and Multi-Factor Authentication Server be installed on the same server?
  If so would there be any security issues?

  Hi,
  Thanks for posting here!
  There are no known caveats with it but its not a combination we recommend for or against.
  That said, our standard guidance is to put different roles on different machines if resources are available.
  If you are running into any issues, please let us know.
  Hope this helps!
  Regards,
  Sadiqh
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

• Two Factor Authentication not enabled

  I'm trying to enable Two Factor Authentication for my AppleID. However, I can't see the Two Step Verification section in the Password and Security page on the My Apple ID site. What should I do?

  This is not available in all countries - see the bottom of this page to find if this restriction affects you:
  Frequently asked questions about two-step verification for Apple ID - Apple Support

• Multi-factor Authentication?

  Multi-factor authentication will soon be mandatory for
  several of my applications. I need to know if CF has any built-in
  functionality, either stock or via custom tags, to handle any of
  the common multi-factor tools. How are other people handling this?
  :-)

  Huh, i'm sorry, I found the answer just after the questioning... :)
  Known Issues:
  * Windows Authentication for Terminal Services is still not supported for
  Windows Server 2012 R2From:https://pfweb.phonefactor.net/install/6.3.0.17465/release_notes.txt
  www.sccmfaq.ch

• Apple ID - Two Factor Authentication (and why I stopped using it)

  The Apple devices I use every day consist of the following:
  2009 MacBook Pro 17" (home)
  iPhone 6 (home)
  2012 MacBook Pro Retina (work)
  My home devices are all logged in using my Apple ID as usual, and my work laptop uses a Apple ID specific to work, but with my personal Apple ID logged in for iMessage and FaceTime (pretty standard, I presume, for people with full-time work laptops they can bring home, etc.). Now, since I have multiple devices which are constantly syncing everything back and forth, whether it be something as simple as my contacts or as delicate and near and dear to my heart as my photo collection, I felt that maybe I should use two factor authentication for my home Apple ID, just to be on the safe side. I recognize that the two factor authentication only protects iMessage and FaceTime currently, but I implemented it with hopes that someday they will incorporate everything about iCloud and other services synced between Apple devices that you would assume should be covered by a two factor authentication update/overhaul.
  I liked this idea very much, as I use two factor for almost everything I can, but things started to fall apart one day when I had to switch to a temporary work laptop and decided to log in to iMessage with a new app specific password, as you would need to on a new device (unless you wrote down the original iMessage password, which is a terrible thing to do). When I went to create my new iMessage password for work laptop B, I decided to revoke work laptop A's iMessage password while it went in for repairs. This wasn't so bad until something seemed funny about my phone, as it was asking for me to log into iMessage again. Now, I had created a separate password for work laptop A's iMessage when I first logged in a while back, as well as a separate password for the temporary work laptop B so it didn't interfere with my other generated passwords. Apparently this didn't matter.
  I continued and created a new app password for my phone, but when I got home, wouldn't you know it, I had to log into iMessage on my home laptop again as well. I had to create a new password for that, which seemed to work for a while, but then I was prompted to enter my iMessage password on my phone again once I revoked my home laptop's iMessage password. Not following? No, me either. It seemed to me that creating separate app specific passwords for me to use across my devices didn't stay as separate as I thought they should, but instead they somehow seemed to be dependent on one another. Since I had a frustrating time trying to activate iMessage again on my iPhone and laptops on multiple occasions while this was happening, I decided to disable two factor authentication altogether.
  I suppose I should ask a question here, so here goes: has anyone else encountered this horrific two factor authentication/app specific password management issue for their own account? Have you been able to resolve it, and if so, any helpful suggestions? Thanks!

  I had also thought that initially, but after turning it on, I went to sign into iMessage with my Apple ID and regular Apple ID password, but it prompted me to create an app specific password to sign in since I had two factor authentication on, as it wouldn't let me use my regular Apple ID password to log in (which I could use to log in for everything else but iMessage and FaceTime). It was nice since I was prompted to provide a code sent to an Apple device of my choosing when signing into the Apple ID management site or iCloud.com, but forcing me to create app specific passwords for iMessage and FaceTime is kind of ridiculous and frustrating. Maybe there's a way to have two factor authentication without the need for app specific passwords? Or if not, then perhaps that would be a great option to present users when turning that feature on.

• Two Factor Authentication on Windows Server 2008 R2

  We have a small 2008 R2 Active Directory environment with 2 domain controllers and 13 member servers. We have no additional features such as an RDP gateway or Federation Services - just a plain AD setup. We now have a requirement from our client to have
  a two factor authentication solution for each time we logon to any server, either using RDP or locally. We only have 4 admins that ever logon to these servers - we do not have any "regular" users.
  Is there anything out there that would work in this environment without having to modify our AD (at least nothing major)?
  Thanks

  Hi,
  You may consider smart card:
  Smart Card Overview
  http://technet.microsoft.com/en-us/library/hh831433.aspx
  Understanding Requirements for Connecting to a Remote Desktop Gateway Server
  http://technet.microsoft.com/en-us/library/cc770519.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• I have an iPad that has one app that loads to only 72%. Apple tells me that the app is no longer available in canada but it has content that I paid for. How do I get the app to work again?

  I have an iPad that has one app that loads to only 72%. Apple tells me that the app is no longer available in canada but it has content that I paid for. How do I get the app to work again?

  If it's not available in your country and you do not have a copy of it in iTunes backed up on your computer, you don't.

• Having trouble with Google 2 factor authentication and Mac Calendar

  Hello!  I recently started using Google 2-factor authentication on my Google Apps (Pro) account, and have successfully configured my gmail settings in OS X Mail so that inbound/outbound work correctly.  Here's where the problem is:  OS X uses a single password in the system account settings for calendar/contacts/notes, etc, so enter the login/password once and check the boxes for what services you want to use. But Google sees these as distinctly different apps, so when I enter an app-specific password, it only registers for one (i.e.:  contacts), but not for another or the rest of them (like calendar).  Has anyone had experience in setting this up? How can you get app-specific passwords to work with the rest of the OS X system applications besides mail?
  Thank you!

  Unfortunately, I already tried this several times prior to posting here.  The system won't let me add the same account more than once, and continues to prompt me for a password multiple times for each service.

• 2 Factor Authentication and MacBook Pro

  Hi Guys,
  Is it possible to have a MacBook Pro as a trusted device for two factor authentication?
  I am signed into iCloud and 'Find my Mac' on my MBP, however it is not displaying along side my iPad and iPhone as a potential trusted device.
  Googled about can't find anything confirming?
  Thanks,
  Regards,
  John

  Unfortunately, I already tried this several times prior to posting here.  The system won't let me add the same account more than once, and continues to prompt me for a password multiple times for each service.

• Visual Studio 2013 Community Azure Login Not Working with Two-factor Authentication

  Has anybody had any problems logging in to Azure to publish when using Visual Studio 2013 Community and with two-factor authentication turned on?
  I couldn't log on until I turned off two-factor authentication.
  Regards

  Hello John,
  Thanks for posting here!
  You can try and set a credential helper like
  git-credential-winstore in order to cache your credentials. See if that helps.
  Couple of questions here:
  1) Are you using a MSA account by any chance?
  2) When you turn on two-factor authentication, do you get any error message?
  3) Did you try with different browsers?
  Looking forward to your response!
  Regards,
  Sadiqh

• I want to know Apple pay is available in Canada or if it is available how to use it and health app how to use it Ty

  I want to know Apple pay is available in Canada or if it is available how to use it and health app how to use it Ty

  Apple Pay is US-only at this time.