03-27-2013 05:46 PM
We use CPPM for both RADIUS (wireless & application), TACACS (infrastructure) authentication. Today we use CPPM to tie the authentication back to multiple AD forests across our global organization.
Our security manager asked me today, "does CPPM support two-factor auth". His example of two-factor was "a user with credentials as well as a token based phoebe, using both to access a particular system'.
I have not seen any info in the docs or on the board about two-factor except referencing some guest access feature. These type of transactions would be using CPPM, not the guest services.
Thanks for the info...
03-27-2013 07:25 PM - edited 03-27-2013 07:26 PM
CPPM supports integration with two-factor authentication solutions; for example RSA Authentication Manager. It basically uses RSA as an authentication source for use in Services and Policy. However, it may not give you what your manager mentioned "a user with credentials as well as a token based phoebe, using both to access a particular system'.
Although you can use it as an authentication source, it is really up to the application, system, or supplicant to dictate the authentication requirements. In other words, you cannot configure your wireless supplicant to ask for both username/password and username/tokencode combinations to access an 802.1X network. Some products (for example Juniper SA SSL VPN) have configurations to support multiple authentication/authorization sources.
So to answer your question, yes CPPM can integrate with two-factor solutions, however depending on the authenticating application type, it may not deliver what your security manager quoted.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX