enroll 2fa to thousands of users automating processes
play

Enroll 2FA to thousands of users Automating processes with - PowerPoint PPT Presentation

Dec 28, 2023 •41 likes •311 views

Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Klbel About Cornelius Cornelius Klbel 2FA since 2005 Smartcards, Aladdin eT oken, privacyIDEA since 2014

  1. Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Kölbel

  2. About Cornelius ● Cornelius Kölbel ● 2FA since 2005 – Smartcards, Aladdin eT oken, privacyIDEA since 2014 ● Cornelius.koelbel@netknights.it ● @cornelinux ● @privacyidea

  3. Challenges ● 2FA for services offered by city administration

  4. Challenges ● End customers of electricity provider

  5. Challenges ● 2FA for all university students!

  6. Problems ● User will not come to admin desk ● User unknown ● User dislocated ● User not tech savvy

  7. Problems ● User shoud not copy

  8. Management and Authentication

  9. Network structure REST API, Web UI, CLI, DB Administration REST API, PAM, RADIUS, SAML, LDAP-Proxy Win Cred Prov

  10. privacyIDEA can manage different token types ● Key-fob T okens ● OTP Cards ● SMS, Email, Smartphone ● Yubikey ● U2F ● eT oken NG/OTP ● SSH Keys ● x.509-Certifjcates ● Meta-T okens (Forward, RADIUS, 4eyes) ● ...

  11. Structure of privacyIDEA ● UI on Webserver ● REST API on Webserver ● Library level ● Database level See: http://privacyidea.readthedocs.it

  12. Possible automations ● Database (SQL) ● Library-Calls ● REST API-Calls ● Event Handler

  13. library ● Python libs for all tasks. ● No need for REST API – No load on Webserver ● T ools for – expired users, – janitor for orphaned tokens

  14. Example: automation via library

  15. Call your API – POST /validate/check – POST /token/init – GET /token/ – DELETE /token/OATH12344 See: http://privacyidea.readthedocs.it

  16. Example: API automation Generate tokens for users

  17. Automation via Event Handler ● Trigger additional action

  18. privacyIDEA HTTP Request 1. Pre policies (exceptions) 2. Request 3. Post policies (exceptions) → Response 4. Event Handler triggers additional action

  19. ingredients ● Connected API calls ● Handler Module (notifjcation, token, script, federation) ● Conditions ● Action with options

  20. Example Event Handler ● If a paper token is generated by an administrator, the token will be disabled. ● It will be enabled if, the user authenticates with a registration code. ● The user gets notifjed, when his registration code is used.

  21. Example: Event Handler ● T o support external workfmow, set arbitrary token attribute...

  22. Example: Event Handler ● ...and run an external script!

  23. Example: Event Handler ● (API call) /token/init of registration code ● triggers script to print welcome letter

  24. Example: Event Handler ● /token/assign yubikey ● triggers token handler to set token attribute (needs shipping)

  25. Graduate students: T oken Janitor ● T oken janitor can fjnd and disable/delete unused tokens

  26. Succesful 2FA is a matter of smooth workfmows

  27. ● https://privacyidea.org ● https://github.com/privacyidea ● @privacyidea ● @cornelinux ● Cornelius.koelbel@netknights.it

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

<location, date> < Location , date> Reversing Labs // June 2020 Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA rules Cooper Quintin - Senior Security Researcher - EFF Threat Lab

1.01k views • 22 slides
P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her is one of t he core OS responsibilit ies Cont rol access of processes or users t o resources of t he comput er syst em (HW Last Modif ied:

384 views • 11 slides
Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR)

Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR)

Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR) Vasileios Theodorou 26-05-2015 Host University Home University Coadvisor: Supervisor: Supervisor: Dr. Maik Thiele Prof. Alberto Abell Prof.

511 views • 17 slides
CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes Week 3 : Users, Permissions, Processes, and Pipes Module Leader: Dr Gordon Russell Lecturers: G. Russell, R.Ludwiniak Aliases: CSN11122 (Distance

644 views • 51 slides
AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming,

AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming,

AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming, data analysis and visualization (Geo-Python) https://geo-python.github.io Period 2 Spatial data management, analysis and visualization (AutoGIS)

332 views • 15 slides
Automating batch fecundity measurements Automating batch fecundity measurements using digital

Automating batch fecundity measurements Automating batch fecundity measurements using digital

W orking Group on Acoustic and Egg Surveys for Sardine and Anchovy in I CES Areas VI I I and I X, Nantes, 2 4 -2 8 / 1 1 / 2 0 0 8 Automating batch fecundity measurements Automating batch fecundity measurements using digital image analysis

391 views • 13 slides
EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at

EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at

PREPARING GRADES 6 THROUGH 12 FOR COLLEGE AND CAREER!! IS THE TREAT IN YOUR FUTURE!! COLLEGE EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at http://hectalentsearch.weebly.com/enroll-in-trio.html l What is HEC TRiO Educational Talent

214 views • 8 slides
Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III, Ohio State Director, Enroll America 513-659-0187 tdaly@enrollamerica.org Enroll America will help deliver on the promise of affordable health

476 views • 43 slides
A brand new way of building, deploying, and servicing Windows Millions 10s of thousands

A brand new way of building, deploying, and servicing Windows Millions 10s of thousands

A brand new way of building, deploying, and servicing Windows Millions 10s of thousands Users Broad Microsoft Engineering Microsoft Insider Preview builds internal Branch validation Time ~6 months Unmatched flexibility and

486 views • 21 slides
Available Processes Process Name Process Feature C18A6 0.18 CMOS H18A6 0.18 HV-CMOS

Available Processes Process Name Process Feature C18A6 0.18 CMOS H18A6 0.18 HV-CMOS

C ircuits M ulti- P rojets Technology Processes & Runs in 2015 MPW Services Center for IC / MEMS Prototyping http://cmp.imag.fr Grenoble - France CMP annual users meeting, 4 Feb. 2016, PARIS Available Processes Process Name Process

440 views • 15 slides
Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and

Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and

Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and Processes With Application to Computer Application to Computer Intrusion Detection Intrusion Detection Wen-Hua Ju 1 Acknowledgement

798 views • 27 slides
bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics,

bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics,

bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics, marketing and management services all over the world. 99% of them are regional. Russia USA China India Each regional player has millions of users

379 views • 15 slides
RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams exams 1 THE THE exams exams PACKAGE PACKAGE by @AchimZeileis and others, Statistics, Universitt Innsbruck www.r-exams.org latest release

379 views • 14 slides
Automating the Automating the configuration of flow configuration of flow monitoring probes

Automating the Automating the configuration of flow configuration of flow monitoring probes

Zurich Research Laboratory Automating the Automating the configuration of flow configuration of flow monitoring probes monitoring probes Xenofontas (Fontas) Dimitropoulos (xed@zurich.ibm.com) Andreas Kind (ank@zurich.ibm.com) IBM | Dec 07

303 views • 14 slides
Automating Authority Work Automating authority work, or, Be your own authority control vendor

Automating Authority Work Automating authority work, or, Be your own authority control vendor

Mike Monaco Coordinator, Cataloging Services May 14, 2018 Automating Authority Work Automating authority work, or, Be your own authority control vendor Ohio Valley Group of Technical Services Librarians Mike Monaco 2018 Conference, May

1.06k views • 67 slides
Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem Replacing the current paper/fax based accreditation system Automating what can be automated Providing a better user experience Improving

232 views • 8 slides
How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C workshop Pierre.Girard@gemalto.com Rome, November 14, 2012 Agenda Gemalto introduction Car as a programming platform Safety, security and

179 views • 15 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

9/16/19 Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco Overview Background Review of threat surfaces Automotive Security Pattern structure Excerpts from Automotive

327 views • 16 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security CHAPTER 1 - INTRODUCTION 1 Research in Computer Security Studies in what ways

794 views • 77 slides
CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC Modeling Workshop Beijing, PRC November, 2004 Contents General considerations for policy modeling 1. Examples of CGE applications 2. Strategy

375 views • 34 slides
MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

Y ea h, but wh a t is MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti M ac t o r L e t ' s st a rt with F th e b a si c s. MFA st a nds f o r uth e nti ca ti o n A " But Am y , wh a t d

331 views • 7 slides
Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah Pierce Vicki Nishioka, Ph.D. Senior Advisor- Indian Education Senior Advisor- Evaluation Agenda 1 Welcome and opening activity 2 SEL Policy,

631 views • 31 slides

More recommend