Security

Reply
Highlighted
Contributor I

CPPM MFA

Hi,

 

For one of our customer we are searching after a MFA solution.

We would like to build it with CPPM.

Does CPPM have the possibility to send authenticating VPN users a SMS with an access token? We also want to have an e-mail option as failback in case the user doesn't respond to SMS.

 

Kind regards,


Accepted Solutions
Highlighted
Moderator

Re: CPPM MFA

We cannot make recommendations for other products. Identity solutions should be selected based on security requirements.

 

For CPPM UI, any MFA solution that's part of an existing login flow via SAML is supported. For TACACS+, any MFA solution that has a RADIUS agent component is supported.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: CPPM MFA

Which MFA provider do you have? SMS is not an option.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: CPPM MFA

We use SMSpasscode at the moment.

So above solution doesn't work on CPPM?

 

Kind regards,

Highlighted
Moderator

Re: CPPM MFA

SMS is not considered a secure second factor so we do not support it for non-visitor flows.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: CPPM MFA

Ok, to get everything straight, the e-mail option is supported?

 

Kind regards,

Highlighted
Moderator

Re: CPPM MFA

No



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: CPPM MFA

Ok, so the whole setup isn't supported on CPPM?

Any proposals?

Highlighted
Moderator

Re: CPPM MFA

We cannot make recommendations for other products. Identity solutions should be selected based on security requirements.

 

For CPPM UI, any MFA solution that's part of an existing login flow via SAML is supported. For TACACS+, any MFA solution that has a RADIUS agent component is supported.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor I

Re: CPPM MFA

I think the customer should have the option to decide, SMS is considered very secure in many countries.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: