MFA manager

The manager is the person who manages the permissions and requests for permission relating to one or more domains.

Manage permissions

Manage permissions:

The permissions are the entities that declare which URL (ie schema://domain/path), among those managed by the manager, must be protected by MFA.

Permission management table legend: -Domain column: application domain rule -Description column: description of the rule -Code column: permission code, it must be explanatory and meaningful in a way that it is also clear to the user -Regex column: regular expression of the permission

⚠️

The same regex must be applied on Oplon ADC through customization of the rule rewrite header: 2faGeneric.

-Order column: order of execution of the permit. The order of execution is the natural number. Higher numbers identify priority in the execution of regexes. The first permission .* contains the second /test. For this reason, without a correct order of the regexes, the rule will continue to trigger .* also for /test. If, on the other hand it is indicated correctly the execution order that is, for .* execution order 1 is assigned, while for /test it is assigned execution order 2, the permissions will click correctly: for a path /test it will click only permission with regex / test and permission with regex .*.

  • App Access Column: if flag to true it enables login via app
  • Email Access Column: if flag to true it enables login via email
  • Groups Tags column: it is a declarative field that allows you to send information To the application protected by MFA (endpoint application). It is a CSV field,it can be populated with strings separated by commas.

Management of permit requests

In this table the manager has the possibility to perform actions on user permission requests.

Management of permit requests:

Permission requests can be found in this table:

  • Pending (Pending) or awaiting an action by the Manager
  • Granted (Accepted) or accepted by the manager
  • Denied (Denied) or rejected by the manager

In the Pending permission requests it is possible to modify the permission request by entering:

  • Expiration (Expiration) or the expiration of the permit after which it will no longer be active
  • Groups Tags: in this field it can be inserted through multiple selection some or all Groups Tags fields declared in the permission in the table Permission Management
  • ID: another field that together with Groups Tags allows a specific user for a specific permission request to be able to enter a string that will arrive to the MFA protected application (endpoint application)