Two-factor / Multi-factor authentication for Sites login

Similar Messages

• TS1292 I bought a 4 pack of $25 Itunes gift cards and only 2 will activate.  For the second two it just keeps asking for my login. No error message just keeps repeating the login

  I bought a 4 pack of $25 Itunes gift cards and only 2 will activate.  For the second two it just keeps asking for my login. No error message just keeps repeating the login.  Is there any way to fix this or did I just lose $50

  Report this here:
  iTunes Store Support
  http://www.apple.com/emea/support/itunes/contact.html

• Two factor authentication for login

  Can you tell me when Verizon online will implement 2 factor authentication for logging into web and email?
  Thanks!

  Uh, never.  I doubt its even on their radar.

• Two factor authentication for iCloud?

  Hello,
  I have two factor authentication (aka two step verification) setup for my AppleID - when I login to appleid.apple.com it sends a code to my phone.  So that part works great.  However, when I login to www.icloud.com it doesn't send a code to my phone.  Securing iCloud.com with two factor is very important as iCloud contains a lot of your data (email, contacts, etc.).
  I'm wondering if it's not working for me because two factor for iCloud.com hasn't been fully rolled out yet - or maybe it is still in beta?
  This article indicates that Apple was testing two factor for iCloud.com as recently as June, 2014:
  http://appleinsider.com/articles/14/06/30/apple-testing-two-step-verification-fo r-icloudcom
  So my question is, does anyone know when two-factor authentication will be fully rolled out and working for iCloud.com?
  Thanks!

  After reading a few articles on this subject, Apple is still working on enabling two-factor authentication for iCloud.  At best, they are currently "rolling it out", a process that can take several months due to the millions of users, I guess.  At worst, it's still in beta and they are still testing and working on it... which means it could be next year before it's fully deployed.  I haven't found any articles or news with a firm date.  I'm just glad they are working on it as it's very important.  In the meantime, they have implemented email notifications when you login to your iCloud account.  I tested this and only received one notification (for multiple logins over several days from several different computers) so I'm not sure how well the notifications are really working - but I think the notifications are just a workaround until they get two-factor fully deployed for iCloud.
  Does anyone else have more info on this?

• Two Factor Authentication for UC servers

  Has anyone setup any form of two factor authentication for logging into UC servers (Callmanager/Unity) for administrators using RSA SecurID's or another form of authentication?  We currently use our LDAP account or setup a Application User account but our Security group would like to add another layer of authentication.  Any suggestions?

  Thanks for your help David.  This is not my area of expertise, so if I put in the UC servers IP/URL the proxy server will intercept the request and block it from reaching the UC server?  Our Security group wants two factor enforced so I cannot bypass the second method of authentication.
  Gary

• Multi-Factor Authentication desktop app?

  Is there a desktop app (Win 7/8) for authenticating against Azure Multi-Factor?  I've currently got a MFA provider spun up in Azure and the server installed on prem.  We are currently testing with it for two factor authentication to an RDS deployment
  and it seems to work well.  So far I've used both the phone call and text authentication methods and I'm working on getting the mobile app piece to work. 
  We do have some instances though where users my not have dedicated cell phones.  Is there an app that can be installed on the desktop and works with the Azure MFA that will allow them to two factor auth?  Perhaps allowing them to use a known pin
  to generate a one time passcode?
  Thanks

  No, there isn't one. There *might* be one coming with windows 10 and universal apps, but then again, being able to just use an app on the PC you are accessing the resource from kinda negates the whole value of the additional auth Factor.
  MFA is not limited to mobile phones only, use a regular one if needed. Or even an OATH token. Lastly, you can always fallback to the security questions, since you have the MFA server.

• Can you use Multi Factor Authentication server with Central NPS and RD Gateway?

  Hi,
  Does anyone have any experience getting the Azure Multi-Factor Authentication (MFA) on-premise server, working with a Remote Desktop Gateway server, and a centralised NPS server?  I can get a solution whereby a user can get the second token (phone call/sms
  etc.) but the connection never gets established.  It looks like its looping as it repeats the phone call/text for a second time but again no connection.  I can’t figure out why.
  All the blogs are very vague as to whether you can combine a new MFA NPS connection policy with an existing username/group membership NPS policy on a centralised NPS server (with RAP/CAP policies).
  I need to understand whether we can combine both an MFA Radius policy with a Username/Password plus group membership NPS policy together to achieve two factor authentication.
  Do you have the Remote Desktop Gateway Server connect to the Central NPS server and then the NPS server use the MFA server as its proxy server? In effect turning the NPS server into a proxy Radius server?  
  Or do you configure the Remote Desktop Gateway server to use the MFA server as the proxy Radius server, and configure the MFA server to send on Radius requests to the central NPS server?
  Or either of these scenarios not supported and you can only use the MFA server as the only Radius server in the auth. process? (bypassing NPS policies?)
  Thanks if someone can assist,
  I’ve been using these blogs but to no successful effect:
  http://technet.microsoft.com/en-us/library/dn394287.aspx
  http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/
  http://dave.harris.uno/installing-and-configuring-azure-multi-factor-authentication-mfa/

  Hi Michael,
  Thank you for posting in Windows Server Forum.
  After going through your description, I can say that we can use MFA server with central NPS and RD Gateway. Also the link which you have provided points the step to apply. In addition you can refer below article.
  Configure Remote Desktop Gateway to use Multi-Factor AuthenticationConfigure Remote Desktop Gateway to use Multi-Factor Authentication 
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Bypassing OAAM multi-factor authentication

  Hello
  In our project we found an interesting case where it is possible to bypass multi-factor authentication provided by OAM and OAAM. It can also work for a custom multi-factor login application which is integrated with OAM using the Access SDK.
  If you integrate OAM and OAAM as officially described in
  http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12052/igoam.htm#BABBJACH
  you basically have one form authentication scheme which redirects a user to OAAM when trying to access a protected resource. The user enters username/password in OAAM which is send to OAM using the AccessSDK and validated by the authentiction scheme in OAM.
  From the point of view of OAM the authentication is completed and OAAM receives the ObSSOCookie. OAAM does not return the cookie to the user but continues with additional authencation steps such as secret questions, fingerprints, etc. If all goes well OAAM returns the ObSSOCooki to the user and he is able to access the protected resource.
  The bypass:
  OAM has a nice feature (I call it security bug) which allows a user to add authentication credentials as parameters to the URL when accessing a resource. E.g. a user accessing a protected resource such as app.domain.com can simply enter https://app.domain.com?username=xxx&password=xxx and is automatically authenticated provided the username/password parameters and values are correct. By automatically authenticated I mean that there is no redirection to the login form. The authentication credentials are passed by OAM internally to the authentication scheme. There is no post action being sent and intercepted.
  Why is this bad? If you are using OAAM as a multi-factor login application passing username/password as URL parameters will not involve OAAM at all. From the point of view of OAM a user is authenticated and there is no need to challenge him with OAAM. No matter what additional authentication factors are configured for OAAM, the authentication process is reduced to one factor (username/passwrod).
  Any thoughts on this. I am mostly interested in ideas and approaches to fix this issue.
  Regards, Donat

  Hello Steve
  Bypassing OAAM works with the latest 10g release of OAAM and OAM and the architecture described in the Oracle documentation
  http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12052/igoam.htm#BABBJACH
  Any toughts on this issue?
  Regards,
  Donat

• Multi-Factor Authentication Server and OWA

  Hello,
  I am trying to implement a two factor authentication solutions for our OWA service using Multi-Factor Authentication server.
  What is the best way to accomplish that, Assuming I would like that the only service will be affected by the MultiFactor authentication server is the OWA?
  (without affecting the whole IIS service such as ActiveSync etc.?)

  At present, the MFA Server user enrollment is completely separate from Azure AD. If you want to use the mobile app with the MFA Server, you need to install the User Portal so that users can generate activation codes and set their MFA method to mobile app.
  Also, for users to activate their mobile apps, you have to install the Mobile App Web Service, which communicates with the MFA Server via the Web Service SDK to validate the activation code generated in the User Portal. Here are links for installing the User
  Portal and Mobile App Web Service.
  https://msdn.microsoft.com/en-us/library/azure/dn394290.aspx
  https://msdn.microsoft.com/en-us/library/azure/dn394277.aspx?f=255&MSPPError=-2147217396

• Multi-factor Authentication?

  Multi-factor authentication will soon be mandatory for
  several of my applications. I need to know if CF has any built-in
  functionality, either stock or via custom tags, to handle any of
  the common multi-factor tools. How are other people handling this?
  :-)

  Huh, i'm sorry, I found the answer just after the questioning... :)
  Known Issues:
  * Windows Authentication for Terminal Services is still not supported for
  Windows Server 2012 R2From:https://pfweb.phonefactor.net/install/6.3.0.17465/release_notes.txt
  www.sccmfaq.ch

• With Multi-Factor Authentication ENABLED how can a admin connect remotely to manage Office 365 with PowerShell

  With Multi-Factor Authentication ENABLED how can office 365 admin connect remotely to manage Office 365 with Power-Shell ?
  When I key-in my credentials, auth fails with invalid username and password ?
  Does any know the procedure ?

  This question was closed over a year ago.   You will  need to start a new question.  You can post a link back here if you think it helps.
  I also recommend asking in the O365 developers forum for how to do bulk license upgrades.  You can use the answer here and just remove and then add the new license. 
  ¯\_(ツ)_/¯

• How can I implement  Multi Factor authentication with IAM products?

  Hi I would like to implement multi factor authentication that can be made generic with all IAM produts. Can anyone suggest an MFA factor like that? It shudnt be an add on or plug in. Instead it should be an in built feature. Can anyone suggest any idea?

  Opensso has such feature built-in. You can create an authentication chain in which you can add as many authentication mechanisms as you need.
  Although it is a built-in feature, there's no full support for all sorts of authentication methods. Some of them exist as plugins, like authentication modules for smart cards and biometrics because they are not sold by Sun Microsystems. However, there's a solution for you requrement even tough you might add some auth modules as plugins like biobex, activcard or auth modules from other vendors.
  Regards.

• DirSync and Multi-Factor Authentication Server

  Can DirSync and Multi-Factor Authentication Server be installed on the same server?
  If so would there be any security issues?

  Hi,
  Thanks for posting here!
  There are no known caveats with it but its not a combination we recommend for or against.
  That said, our standard guidance is to put different roles on different machines if resources are available.
  If you are running into any issues, please let us know.
  Hope this helps!
  Regards,
  Sadiqh
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

• Is multi-factor auth required for self-service password reset and portal registration?

  Hi, hoping someone can give some clarity on this.  I'm dealing with strictly online accounts, no AD sync to local servers.  I have enabled and configured self-service password reset in AzureAD.  In that config I have required users to register
  their alt contact info when logging into the portal.  While testing this, I don't get prompted to register unless I've enabled multi-factor auth for the test user account.  I need users to register in case they need to use SSPR, but I don't want
  to force them into MFA.  I've gone over the following article and it says nothing about requiring MFA for SSPR or forced portal registration to work.
  https://msdn.microsoft.com/en-us/library/azure/dn683881.aspx
  I know there is a separate link for the registration portal that will guide users through the process, but that's a separate link.  Maybe they'll set it up, maybe they won't.  I'd like for the first sign-on to be a smooth process that gets them
  set up for SSPR if needed.  Can someone clarify and point me in the right direction? Thanks.

  Hey acook15,
  I work on the password reset engineering team.  Right now, you are correct, you cannot enforce registration for password reset during first sign in.  This is a feature that we are working on right now, which will be available very soon for sign
  ins to Azure, your connected apps, and the access panel, and will come a bit later for Office 365 sign ins, as well.
  In the interim, you can configure SSPR to require users to register when they access the access panel at myapps.microsoft.com by following the instructions here: http://aka.ms/customizesspr (search for "Require users to register when signing in to the
  access panel?").  
  You can also read more about other ways to get SSPR data in the system for your users here: http://aka.ms/ssprbestpractices.  Let me know if this helps, and if you need to get in contact with me, feel free to email me at [email protected] 
  Regards,
  Adam.
  Adam Steenwyk | Senior Program Manager | [email protected]

• 2 Factor Authentication for Anyconnect VPN using ISE

  We are planning to implement dual factor authentication for Anyconnect VPN.
  The end users will be authenticated using domain name in machine certificates and username password with
  ISE used as radius server.
  We have the following approaches to achieve this :-
  1. Use primary and secondary authentication with user credentials as primary authentication
  and CN field of the certificate as secondary authentication.However this option prompts users for password for
  both the fields while we want the machine certificate to authenticate itself without a password.
  2. Second approach is to authenticate using user credentials and authorize the user to access the network if
  the machine certificate has a domain name in CN field which we are able to validate from the AD using
  Dynamic Access Policy.
  We are looking forward for discussions on the above approaches and are open to any other
  solution.

  Hi Umahar,
  Not sure I understood correct. You would like to authenticate the user using machine certificate for anyconnect and want to extract CN attribute the client's certificate and send it to the ISE server for further authenticate with AD. And also you don't want an additional password prompt to be produced to the user.
  If my understanding is correct. Then user would get a prompt for the password atleast because in the machine certificate there won't be password, but to authenticate with RADIUS/TACACS , we need both username and password. So how will the user gets authenticated without password.
  If you are looking a way to just see if the user is present under AD, not exactly and authentication then this might not be possible.