nav icon indicating copy to clipboard operation
nav copied to clipboard

Published 20 hours ago verified publisher icon Uninett

Support for MFA (multi-factor authentication)

Open ingeborgoh opened this issue 4 years ago • 3 comments

Due to recent events the need to better secure the access to NAV has come up.

We would like to be able to demand Multi Factor Authentication before users are allowed to log in.

ingeborgoh avatar Jan 08 '21 08:01 ingeborgoh

Comments from nav-ref:

  • Potentially, support for TOTP - Time-based One-time Password would cover this.
  • Maybe "MFA must be used" should be read from LDAP and not apply to local user database
  • Potentially, the whole MFA issue could be side-stepped by using REMOTE_USER and enabling MFA in Feide

lunkwill42 avatar May 05 '22 12:05 lunkwill42

  • [ ] https://github.com/Uninett/campus-tasks/issues/22
  • [ ] #2688

hmpf avatar Oct 30 '23 12:10 hmpf

The docs for setting up REMOTE_USER with either oidc (#2708) or saml (#2740) has been checked and improved, that'll give us MFA for free.

hmpf avatar Nov 16 '23 13:11 hmpf