Hi Jose.
I understand your requirement.
My understanding of the overall concept: Authentication capability was always outside the product, except the pin authentication, which you don't want to use at all
OS Authentication is supported since the beginning.
EEM authentication is supported to integrate to external ldap based directories
SAML support offers the most flexible way to integrate to whatever authentication capabilities customers are looking for.
MFA is just one of them.
Providing these authentication mechanism by the product itself, might be out of scope for several reasons.
But this is just my personal point of view.
...Michael
------------------------------
Regards
....Michael
------------------------------
Original Message:
Sent: 09-03-2021 08:48 AM
From: Jose Gonzalez Guilloty
Subject: Service Management Multi Factor Authentication (MFA)
Hello,
Thanks we are looking this approach.
We have a complex authentication environment where this migth work only for internal users. We also provide access to our main customer that it has it's own domains and Azure AD tenant (we currently connect EEM to their domains for authentication) and External users are manage in another domain.
EEM help us out to connect to the multiple domains and aunthenticate everybody.
But certainly something to to look out.
Also, I was thinking that this MFA feature should be something to be considered as part of the product in future releases. MFA has become a requirement for finance industry for Internet Facing applications and I believe there should be other clients with the same situation.
Original Message:
Sent: 09-02-2021 11:21 AM
From: Chi Chen
Subject: Service Management Multi Factor Authentication (MFA)
Certainly this is a good idea and possible.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs
I can't find techdoc for this like we have for SAML https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/administering-ca-service-desk-manager/enable-saml-authentication-for-ca-sdm.html
Original Message:
Sent: 09-01-2021 02:58 AM
From: Michael Müller
Subject: Service Management Multi Factor Authentication (MFA)
Hello Jose.
Just as an idea or a thought:
I am thinking about the separation of authentication and authorisation, or better identity and service provider.
I believe the following is possible.
SDM can use SAML as an authentication mechanism and in this context acts as a service provider (sp).
The authentication in a SAML context is done by an identity provider (idp).
In my understanding: If you have a SAML idp which supports MFA, I assume , that with SAML, you could implement MFA for SDM.
@Chi Chen: What do you think about this approach?
Regards
....Michael
------------------------------
Regards
....Michael
Original Message:
Sent: 08-26-2021 04:31 PM
From: Chi Chen
Subject: Service Management Multi Factor Authentication (MFA)
Service Desk maileater supports oauth 2.0
https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/Release-Information/CA-Service-Management-17_3_0_4-Release-Notes.html
I am not aware of other MFA support
Original Message:
Sent: 08-26-2021 01:33 PM
From: Jose Gonzalez Guilloty
Subject: Service Management Multi Factor Authentication (MFA)
Hello,
We have a requirement in our organization to enable Multifactor Factor Authentication (MFA) for Service Desk Management and Service Catalog.
I found this document:
Does CA SDM support two factor authentication (2FA)?
I want to hear from the community if this has been implemented in your organizations and the details that can be shared.
Regards,
Jose