1) User logs in through NAAF.
2) After logging in, the user receives a security notification by email or text message that says, for example, "your account was used to log in at 12:30 am".
by: Emiliano L. | over a year ago | Other
Comments
How would you see this applied? Would every user receive notices, or just a group, or an individual, or users of specific workstations or a different distinguishing characteristic?
I ask because I think most users would find this annoying and in most cases there is a cost to messaging.
Troy
If I follow what the OP is asking, I've seen similar companies (Apple and Google) and banks do this with their multi-factor authentication solution.
That is, if you log into your account for one of these systems, you'll receive a courtesy email stating your account has been accessed on an unknown, new device, etc.
I agree with Troy that I think you'd have to be careful in how often this would occur, as your users would get annoyed. In our setup, we use the cookie rule with an expiration date and require users to log in via NAAF after their cookie has expired, so we probably wouldn't use this feature.
However, I could see NAAF rules being more flexible, where you only need to log in via NAAF once and a user's device fingerprint never expires or is valid for months/years, and you'd want to be informed in a scenario where your account was accessed on a new device.
In the customer's case it should be mandatory, because the customer would like to use this authentication class for some particularly reserved services, for which it is good to know if you are accessing it or not. It would still be convenient to associate the rule with a group of users, so you can select who receives the message.