Allow a shared authenticator to be used regardless of whether or not the account it is shared with has the same authenticator enrolled.

For example, if a user has two accounts in separate repositories, they only need one physical token to be assigned to their primary account and they can share it with their secondary account without their secondary account needing a physical token already assigned as well.

Comments

  • Dennis - do I understand the request as:

    Repo1\user1 - FIDO enrolled
    Repo2\user1 - Card enrolled
    Repo3\user1 - Fingerprint enrolled
    Repo4\user1 - TOTP enrolled

    User 1 would be able to log in with any of the 4 methods to any of the repos.

    The request is for some type of template sharing across connected repositories.

    Is this correct?

    Troy

  • Hey Troy,

    No, we actually just need to go back to the way it was in 5.6.

    We need account #2 to be able to use a shared YubiKey enrolled under account #1 without account #2 having a YubiKey enrolled themself. With v6, every person would need a separate YubiKey enrolled under each of their accounts just so we could then share one YubiKey across all their accounts.

    This would at the very least double our YubiKey purchase from 120,000 to 240,000, meaning a ton of extra money to purchase all these "dummy tokens".

  • I understand now. Let me look into this feature.

    Troy