Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
enroll 2fa to thousands of users automating processes

Enroll 2FA to thousands of users Automating processes with - PowerPoint PPT Presentation

Dec 28, 2023 •41 likes •313 views

Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Klbel About Cornelius Cornelius Klbel 2FA since 2005 Smartcards, Aladdin eT oken, privacyIDEA since 2014

  1. Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Kölbel

  2. About Cornelius ● Cornelius Kölbel ● 2FA since 2005 – Smartcards, Aladdin eT oken, privacyIDEA since 2014 ● Cornelius.koelbel@netknights.it ● @cornelinux ● @privacyidea

  3. Challenges ● 2FA for services offered by city administration

  4. Challenges ● End customers of electricity provider

  5. Challenges ● 2FA for all university students!

  6. Problems ● User will not come to admin desk ● User unknown ● User dislocated ● User not tech savvy

  7. Problems ● User shoud not copy

  8. Management and Authentication

  9. Network structure REST API, Web UI, CLI, DB Administration REST API, PAM, RADIUS, SAML, LDAP-Proxy Win Cred Prov

  10. privacyIDEA can manage different token types ● Key-fob T okens ● OTP Cards ● SMS, Email, Smartphone ● Yubikey ● U2F ● eT oken NG/OTP ● SSH Keys ● x.509-Certifjcates ● Meta-T okens (Forward, RADIUS, 4eyes) ● ...

  11. Structure of privacyIDEA ● UI on Webserver ● REST API on Webserver ● Library level ● Database level See: http://privacyidea.readthedocs.it

  12. Possible automations ● Database (SQL) ● Library-Calls ● REST API-Calls ● Event Handler

  13. library ● Python libs for all tasks. ● No need for REST API – No load on Webserver ● T ools for – expired users, – janitor for orphaned tokens

  14. Example: automation via library

  15. Call your API – POST /validate/check – POST /token/init – GET /token/ – DELETE /token/OATH12344 See: http://privacyidea.readthedocs.it

  16. Example: API automation Generate tokens for users

  17. Automation via Event Handler ● Trigger additional action

  18. privacyIDEA HTTP Request 1. Pre policies (exceptions) 2. Request 3. Post policies (exceptions) → Response 4. Event Handler triggers additional action

  19. ingredients ● Connected API calls ● Handler Module (notifjcation, token, script, federation) ● Conditions ● Action with options

  20. Example Event Handler ● If a paper token is generated by an administrator, the token will be disabled. ● It will be enabled if, the user authenticates with a registration code. ● The user gets notifjed, when his registration code is used.

  21. Example: Event Handler ● T o support external workfmow, set arbitrary token attribute...

  22. Example: Event Handler ● ...and run an external script!

  23. Example: Event Handler ● (API call) /token/init of registration code ● triggers script to print welcome letter

  24. Example: Event Handler ● /token/assign yubikey ● triggers token handler to set token attribute (needs shipping)

  25. Graduate students: T oken Janitor ● T oken janitor can fjnd and disable/delete unused tokens

  26. Succesful 2FA is a matter of smooth workfmows

  27. ● https://privacyidea.org ● https://github.com/privacyidea ● @privacyidea ● @cornelinux ● Cornelius.koelbel@netknights.it

Recommend

enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes

enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes

Add Add enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes FOSDEM 2019, February 3rd Cornelius Klbel about me about me Cornelius Klbel 2FA since 2005 2014: privacyIDEA

922 views • 28 slides
Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III, Ohio State Director, Enroll America 513-659-0187 tdaly@enrollamerica.org Enroll America will help deliver on the promise of affordable health

476 views • 43 slides
Automating batch fecundity measurements Automating batch fecundity measurements using digital

Automating batch fecundity measurements Automating batch fecundity measurements using digital

W orking Group on Acoustic and Egg Surveys for Sardine and Anchovy in I CES Areas VI I I and I X, Nantes, 2 4 -2 8 / 1 1 / 2 0 0 8 Automating batch fecundity measurements Automating batch fecundity measurements using digital image analysis

392 views • 13 slides
REDHAT KICKSTART REDHAT KICKSTART Automating Linux Installation Automating Linux Installation

REDHAT KICKSTART REDHAT KICKSTART Automating Linux Installation Automating Linux Installation

REDHAT KICKSTART REDHAT KICKSTART Automating Linux Installation Automating Linux Installation John Schulz John Schulz December 11, 2001 December 11, 2001 1 Kickstart Kickstart What is Kickstart? Review of Features Observations

680 views • 40 slides
Automating the Automating the configuration of flow configuration of flow monitoring probes

Automating the Automating the configuration of flow configuration of flow monitoring probes

Zurich Research Laboratory Automating the Automating the configuration of flow configuration of flow monitoring probes monitoring probes Xenofontas (Fontas) Dimitropoulos (xed@zurich.ibm.com) Andreas Kind (ank@zurich.ibm.com) IBM | Dec 07

308 views • 14 slides
Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating

Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating

Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating MySQL Deployments on Kubernetes Percona Live 2018 00. Who are we? Calin Don Flavius Mecea Co-founder & CTO Project Lead @Presslabs

598 views • 40 slides
Automating Authority Work Automating authority work, or, Be your own authority control vendor

Automating Authority Work Automating authority work, or, Be your own authority control vendor

Mike Monaco Coordinator, Cataloging Services May 14, 2018 Automating Authority Work Automating authority work, or, Be your own authority control vendor Ohio Valley Group of Technical Services Librarians Mike Monaco 2018 Conference, May

1.06k views • 67 slides
Automating Production of Cross Media Automating Production of Cross Media Content for

Automating Production of Cross Media Automating Production of Cross Media Content for

AXMEDIS project slides http://www.axmedis.org Automating Production of Cross Media Automating Production of Cross Media Content for Multichannel Distribution Content for Multichannel Distribution AXMEDIS Tool Core for AXMEDIS Tool Core for

252 views • 9 slides
RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams exams 1 THE THE exams exams PACKAGE PACKAGE by @AchimZeileis and others, Statistics, Universitt Innsbruck www.r-exams.org latest release

380 views • 14 slides
Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users

Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users

Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting Fermilab Users Meeting CMS Physics from Early LHC Running Dan Green Fermilab For the CMS Collaboration FNAL Users Meeting June 2010 1 Outline Outline

617 views • 25 slides
Birth and Death Processes Today: Birth processes Birth and Death Processes Death

Birth and Death Processes Today: Birth processes Birth and Death Processes Death

Birth and Death Processes Today: Birth processes Birth and Death Processes Death processes Biarth and death processes Bo Friis Nielsen 1 Limiting behaviour of birth and death processes Next week 1 DTU Informatics Finite state

312 views • 7 slides
Programs, Processes, and Threads Programs, Processes, and Threads (Chapter 2) Processes

Programs, Processes, and Threads Programs, Processes, and Threads (Chapter 2) Processes

CPSC 313: Intro to Computer Systems Programs, Processes, Threads Programs, Processes, and Threads Programs, Processes, and Threads (Chapter 2) Processes in UNIX (Chapter 3) Programs, Processes, and Threads Programs, Processes, and

388 views • 11 slides
Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

<location, date> < Location , date> Reversing Labs // June 2020 Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA rules Cooper Quintin - Senior Security Researcher - EFF Threat Lab

1.01k views • 22 slides
to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

Linking Assurity OneKey 2FA to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will require 2 Factor Authentication (2FA) login with effect from 18 July 2018 IRMS AcuteNET (eReferral ACP (InteRAI)

233 views • 21 slides
True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David Mazires, Dan Boneh, Dominic Rizzo Stanford and Google IEEE Security & Privacy 2019 U2F: Effective hardware 2FA 2 U2F: Effective hardware 2FA

784 views • 65 slides
Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung,

Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung,

Secondary Education: Measuring Secondary Uses of 2FA Phone Numbers Min Hee Kim , Christina Yeung, Daniel Salsburg, Joseph A. Calandrino Office of Technology Research and Investigation Federal Trade Commission The views expressed are not

346 views • 10 slides
How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C

How can webapps benefit from automotive environment, with safety? Web and automotive W3C workshop Pierre.Girard@gemalto.com Rome, November 14, 2012 Agenda Gemalto introduction Car as a programming platform Safety, security and

181 views • 15 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

839 views • 44 slides
Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and

9/16/19 Security Patterns for Automotive Systems Betty H.C. Cheng with Bradley Doherty, Nick Polanco, and Matthew Pasco Overview Background Review of threat surfaces Automotive Security Pattern structure Excerpts from Automotive

334 views • 16 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

403 views • 5 slides
CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security

CSCI 4250/6250 Fall 2013 Computer and Networks Security CHAPTER 1 - INTRODUCTION 1 Research in Computer Security Studies in what ways

795 views • 77 slides
CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC

CGE Models for Regional Policy Research: Notes and Examples David Roland-Holst, UC Berkeley DRC Modeling Workshop Beijing, PRC November, 2004 Contents General considerations for policy modeling 1. Examples of CGE applications 2. Strategy

377 views • 34 slides
MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti

Y ea h, but wh a t is MFA? www.id e ntit yexpe rts. co .uk | @Id e ntit y E xpe rts With Am y St o k e s-W a t e rs ulti M ac t o r L e t ' s st a rt with F th e b a si c s. MFA st a nds f o r uth e nti ca ti o n A " But Am y , wh a t d

335 views • 7 slides
Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah

Washington SEL Capacity Building Series Training 1 Orientation to Washington SEL Resources Sarah Pierce Vicki Nishioka, Ph.D. Senior Advisor- Indian Education Senior Advisor- Evaluation Agenda 1 Welcome and opening activity 2 SEL Policy,

634 views • 31 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.