Flexible, reliable and lasting multi factor authentication with privacyIDEA
In this talk you will get an overview of the history of two factor authentication and how the market is developing. Classical vendors of two factor authentication have been moving to the cloud. This seems tempting and easy - but what if you want to stay on-premises?
During the last ten years the two factor market saw a rapid series of mergers and acquisitions. The user was the one who suffered. While the IT department thought it was rolling out reliable software from a successful vendor, a few years later it was confronted with the product being end of life. At the same time new technologies like FIDO2/WebAuthn arise and are praised in the press. The management is impressed and wants to take action. But what can we expect behind the shiny facade?
Looking at this market situation, we will compile a list of requirements for a flexible, reliable and lasting multi factor setup.
Flexible as in giving you the possibility to choose and mix the most appropriate technologies, be it U2F, FIDO2, PUSH or even TOTP or text messages.
Reliable means being able to scale and getting updates and fixes on a regular (reliable) basis.
And lasting means providing a solution that is not bound to one vendor's decision, that is not closed source and that will not go end of life behind your back.
Concentrated experience in the two factor market since 2004 has been incorporated into the software privacyIDEA, which we will take a deeper look at in the second part of the talk. privacyIDEA comes with a powerful and flexible policy framework that allows you to adapt privacyIDEA to your needs. The unique event handler modules enable you to fit privacyIDEA into your existing workflows or create new workflows that work best for your scenario. In the talk we will take a look at how policies and event handlers can help you to adapt it to your needs.
We will discuss the supported authentication methods and how privacyIDEA overcomes the enrollment problems of the Google Authenticator. The privacyIDEA Authenticator App also provides a signed Push functionality for iOS and Android that allows secure and easy authentication with your smartphone.
Finally, we take a look at connecting existing applications to your central MFA system privacyIDEA via protocols like REST, RADIUS, PAM, SAML, OpenID Connect...
privacyIDEA is Open Source, licensed under the AGPLv3. You can test it and run it in production at any time, in complete privacy!