Typically, when you enroll a device using a TOTP authenticator app like Google's or Microsoft's, after you enroll, the account shows up with the name of the application or vendor and the login ID. But with Adv. Auth. both values just show up as "Netiq", which is meaningless. Those values need to be able to be customized.

Comments

  • Macros or something like that to be able to be filled in. For example, a user logs into the Enrollment Portal and their REPO\Username is displayed.

  • This really should be set up to show this as it does with other products, including NAM. It should also be configurable in the OATH OTP Method. I mentioned this to MF 2 years ago on the 5.6 version, and can't think why this has still not been taken up and fixed, because to me this is more of a bug than an enhancement request. It makes the TOTP unusable and unprofessional-looking beside other implementations.

  • Following up on my comment, it is not as if achieving this is at all difficult. The labels of the TOTP authenticator in question arise from the QR code generated by the appliance. The QR code is simply this formatted URL: otpauth://totp/[account_name]?secret=[secret_key]&issuer=[Website_Title]
    On the AA appliance the account_name and website_title are both replaced with NetIQ. On the TOTP class on NAM, for instance, the account_name is fixed as the user's email address, and the website_title as the IDP's hostname. We just need AA to do similar, or better, add a configurable policy that allows overriding which user attribute is used for the account_name and an identifiable website_title. Seems such an easy and obvious win!

  • I agree. I have made a program to test the AA API calls and made my own QR code, and it was easy to modify the labels. When you have multiple accounts for different environments it's vital to have this, otherwise it gets very difficult to select the correct one. And we are advanced users; for normal users MFA is difficult, and with these labels they will get lost.
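The URL format quoted in the comments above, as an added example that is not part of the thread and not Advanced Authentication or NAM code: it builds the enrollment URL with percent-encoded labels and reads back what an authenticator app would display. The function names, the `idp.example.com` hostnames, the `REPO\jdoe` account and the base32 secret are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

def build_otpauth_uri(account_name, secret_b32, website_title):
    """otpauth://totp/[account_name]?secret=[secret_key]&issuer=[Website_Title]"""
    # Reject a secret that is not valid base32 instead of emitting an unusable QR code.
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    base64.b32decode(padded, casefold=True)  # raises ValueError on bad input
    # Percent-encode the label so values such as REPO\Username survive intact.
    label = quote(account_name, safe="@")
    query = urlencode({"secret": secret_b32, "issuer": website_title}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"

def displayed_labels(uri):
    """Return (website_title, account_name) as read back from the URL."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth TOTP URL")
    account = unquote(parts.path.lstrip("/"))
    issuer = parse_qs(parts.query).get("issuer", [""])[0]
    return issuer, account

def ambiguous_entries(uris):
    """Group enrollments by displayed labels; any group larger than one
    cannot be told apart in the authenticator's account list."""
    seen = {}
    for uri in uris:
        seen.setdefault(displayed_labels(uri), []).append(uri)
    return {labels: group for labels, group in seen.items() if len(group) > 1}

SECRET = "JBSWY3DPEHPK3PXP"  # constructed sample secret, not a real key

# Two environments enrolled with the fixed labels described in the thread.
fixed = [build_otpauth_uri("NetIQ", SECRET, "NetIQ") for _ in range(2)]
# The same two environments with a per-user account name and per-site title.
custom = [
    build_otpauth_uri("REPO\\jdoe", SECRET, "idp.example.com"),
    build_otpauth_uri("REPO\\jdoe", SECRET, "idp-test.example.com"),
]

if __name__ == "__main__":
    print("fixed labels collide:", list(ambiguous_entries(fixed)))
    print("custom labels collide:", list(ambiguous_entries(custom)))
    for uri in custom:
        print(displayed_labels(uri), "<-", uri)
```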