• Votes

    3

    Provide option to disable the ability for the Enroll admin (Helpdesk) ...

    Currently a helpdesk admin can enroll/remove enrollments for his/her own user and some clients do see this as a potential risk. Could we perhaps have a policy, similar to ...

  • Votes

    7

    Add integration with Cisco VPN as part of the AAF documentation

    Similar to OpenVPN, we have done a few integrations between AAF and Cisco AnyConnect (VPN) so we could have these steps as part of the documentation for AAF and we could ...

  • Votes

    5

    Temporarily block user account after x failed attempts – when endpoint ...

    Feature: Being able to configure the system to temporarily block user account after x failed attempts (for instance account could be blocked for 30mn after 5 failed ...

  • Votes

    9

    Login screens should, per-computer + per-user, remember last Chain ...

    Windows/Mac/Linux Client login screens should, per-computer and per-user remember the last Chain successfully used to login/unlock that device by that user, highlighting ...

  • Votes

    4

    Allow Events to be configured to use a default repo (if desired) that ...

    For our linux clients we need the option to either have an event ignore the login options list of repositories and use a default repo set at the event level or we need ...

  • Votes

    3

    Do not show chains with Smartphone method when client does not have a ...

    Related to https://ideas.microfocus.com/MFI/advance-authentication/Idea/Detail/14402 Current situation: When offline OTP for Smartphone method is disabled and the user ...

  • Votes

    4

    Allow AAF to import branding from Access Manager automatically

    Hi guys, Can we please update the https://aafapp.demo.live/admin#/policies/WebAuthOptions page so that it can automatically download the standard branding from Access ...

  • Votes

    3

    Add simpleSAML to Appliance for testing and POC

    Would like ability to have simpleSAML on appliance. Mainly quick and simple to setup and test. As a reference the following I found in the Internet just do not like the ...

  • Votes

    5

    Add NAS-IP-Address to Radius event

    Please add NAS-IP-Address (Attribut-Type 4) to Radius event. Because some Appliances (as example Cisco ASA) do not support NAS-Identifier.

  • Votes

    3

    TOTP Enrollment with serial via public api

    We would like to enroll hardware TOTP tokens via public API with unprivileged session, in combination with token serial plus first OTP. Request example: ...

  • Votes

    3

    Auto Enroll TOTP on Smartphone App

    With latest release user can be sent email to enroll Smartphone which is great. Can we also get this option for TOTP? Some customers do not want to use Push ...

  • Planned

    4

    Increase max email OTP TTL

    Current situation: The max email OTP TTL is set at 360 seconds. Desired situation: We have the need for the email OTP TTL to be set at a higher value. Please allow the ...

  • Votes

    4

    Allow for customization of labels when using TOTP

    Typically, when you enroll a device using a TOTP authenticator app like Google's or Microsoft's, after you enroll, the account shows up with the name of the application ...

  • Votes

    8

    Allow for customization of labels when using TOTP

    Typically, when you enroll a device using a TOTP authenticator app like Google's or Microsoft's, after you enroll, the account shows up with the name of the application ...

  • Votes

    11

    Add support for Mac OS TouchID as an advanced auth authentication ...

    Add support for Mac OS TouchID as an advanced authentication authentication method

  • Votes

    1

    Support for Mobile Connect

    Requesting to add Mobile Connect ( general info: https://mobileconnect.io and developer info: https://developer.mobileconnect.io ) as a supported method for Advanced ...

  • Votes

    1

    Time Shifting for Hard Token

    We recently received a new batch of TOTP token from Vasco Go6 TOTP Type, noticed that we need to tune the Window Period into a bigger value to authenticate successfully. ...

  • Votes

    2

    Smooth transition of authenticators: no need to re-enrolment when ...

    This is future request . Migrate the authenticators for already enrolled users who are migrated from existing MS AD domain to the new MS AD domain without all those ...

  • Votes

    1

    Extend API to simplify user repo migrations

    It happens that clients need to migrate directory services. Even because of technology changes, mergers or acquisitions. In such cases they need to manually rewrite ...

  • Votes

    1

    Disallow user to scan QR code if user has enrolled already

    By disable the re-enrollment function, user not able to rescan (by click the Save button) and delete the enrolled authenticator (By click the delete button) Can the ...