Enable two-factor authentication for accessing API proxies

One of the customers is expecting the feature below while consuming proxies.

Is it possible to enable two-factor authentication for accessing API proxies in a web application?

If yes, please provide related documents/info.

I don't know why the customer is expecting this feature, as we have OAuth 2.0, SAML.

Thanks,

Kumar P.


Hi @kumar -- if a customer is asking for two-factor authentication for web applications, then I assume there is a user context associated with it? If so, OAuth2 (Auth Code Grant Type) and OpenID Connect should work, but there is a catch. Your IDP would need to support the two-factor authentication (in addition to being the IDP for OpenID Connect). Hopefully this helps, and please let me know if you have any further questions.

Hi @kumar, to add to Robert's message, this is specific to the IDP you are using. For example, if you use Siteminder, there is a product called Arcot which has a built-in feature for multi-factor authentication. This would check things like device DNA and close to 100 other header variables and detect changes in user devices.

If you have the freedom to use other open-source options, here is the link to Google's multi-factor authenticator.

Hope this helps.

https://www.google.com/landing/2step/

The client is expecting one more check internally, without manual intervention (entering any values in the web app), and as part of the access token (as far as I know, we can do it using attributes).

Inject the dynamic attribute value (random number) while generating the access token, send the random number to the client along with the access token, and have it transmitted while accessing the protected resource in Apigee.

Thanks,

Kumar P.
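
The flow described in the last post, as an added example that is not part of the original thread and is not Apigee policy code: a stand-alone Python simulation in which the token endpoint stores a random value as an attribute of the access token, returns it with the token, and the resource check compares the presented value in constant time. `TokenStore`, the `nonce` field name and the one-hour default lifetime are assumptions made for the illustration.

```python
import hmac
import secrets
import time


class TokenStore:
    """In-memory stand-in for the gateway's token store (hypothetical name)."""

    def __init__(self, ttl_seconds=3600):
        self._ttl = ttl_seconds
        self._tokens = {}  # access_token -> (nonce, expires_at)

    def issue(self, now=None):
        """Mint an access token and attach a random attribute to it."""
        now = time.time() if now is None else now
        access_token = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(16)  # the "dynamic attribute value"
        self._tokens[access_token] = (nonce, now + self._ttl)
        # Both values go back to the client in the token response.
        return {
            "access_token": access_token,
            "nonce": nonce,
            "expires_in": self._ttl,
        }

    def verify(self, access_token, presented_nonce, now=None):
        """Check a protected-resource call: token known, unexpired, nonce matches."""
        now = time.time() if now is None else now
        record = self._tokens.get(access_token)
        if record is None:
            return False  # unknown or already purged token
        nonce, expires_at = record
        if now >= expires_at:
            del self._tokens[access_token]  # purge expired entry
            return False
        if not presented_nonce:
            return False  # attribute missing from the request
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(nonce.encode(), presented_nonce.encode())


if __name__ == "__main__":
    store = TokenStore(ttl_seconds=60)
    grant = store.issue()
    print("valid call:   ", store.verify(grant["access_token"], grant["nonce"]))
    print("wrong nonce:  ", store.verify(grant["access_token"], "guess"))
    print("missing nonce:", store.verify(grant["access_token"], None))
```

Because the value is issued and transmitted together with the access token, whoever holds the token response holds both; the check involves no second factor from the user, which is what the IDP-side options in the replies provide.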