Jagoran Aiwatarwa
Sanya MFA ɗin ku ya daidaita tare da samfuran ayyuka
Fage
Tabbatar da ingancin abubuwa da yawa (MFA) yana rage juzu'i ga masu amfani da halal ta hanyar tantance haɗarin ma'amala tare da koyan na'ura (ML) algorithms, ta yadda masu amfani da aka sani a cikin wuraren hawansu na yau da kullun ana bin su cikin sauri akan dandamalin ku.
Amma, yana ɗaukar lokaci don gina injin haɗari daga karce, kuma samun MFA daidai zai iya yin bambanci tsakanin gina amincewar mabukaci, da mai amfani yana watsar da dandalin ku saboda akwai matakai da yawa don shiga.
Don ƙarfafa Adaftan MFA, Okta CIC yana da makin amincewar ML samuwa daga cikin akwatin don dacewa da bukatun kimar haɗarin ku, don inganta UX da tsaro ga duk masu amfani waɗanda ke son samun dama ga dandalin ku.
Kuna iya amfani da wannan lissafin ML tare da Ayyuka, kuma ƙirƙirar shirin MFA ɗin ku mai daidaitawa wanda ke warware wuraren makafi waɗanda MFA ke iya rasawa, kamar:
- Ta yaya kuke kiyaye halaltattun zaman masu amfani ba tare da katsewa ba amma toshe zirga-zirga maras so?
- Yaushe ya dace a gabatar da abu na biyu ko na uku?
- Menene ake ɗaukar tushe don kiyaye dandalin ku tare da MFA?
A cikin wannan sakon za mu rufe yadda ake amfani da Ayyuka, da kuma waɗanne samfurakan Ayyuka ke samuwa daga cikin akwatin don buga ƙasa a guje idan ya zo ga mafi kyawun ayyuka na MFA.
A matsayin wani ɓangare na tsarin aikin mu, Ayyuka sune ja-da-zurfin pro-code/no-code dabaru waɗanda zaku iya keɓance don aikace-aikacenku da haɗin kai waɗanda suka fara da Identity.
Ayyuka suna ba ku damar ƙara lamba zuwa mahimman mahimman bayanai a cikin bututun tantancewa tare da javascript kawai - da 2M+ npm a wurin ku.
Samfuran ayyuka suna koya muku yadda ake amfani da ƙarfin Ayyuka, da samun kasuwa cikin sauri fiye da gasar, magance lamuran amfani gama gari waɗanda ke da mahimmanci ga ƙungiyoyi a yau.
Samfura #1
Ana buƙatar rajistar MFA
Yin rajista wata dama ce ta musamman don baiwa masu amfani zaɓi idan ya zo ga tantancewa.
Dangane da zaɓin tantancewar mai amfani, kuna rage musu juzu'i, kuma ku shigar da su tare da yanayin tsaro.
Bari mu fara da Ana buƙatar Rijistar MFA Samfurin aiki.
Kewaya zuwa Ayyuka > Laburare > Gina daga Samfura.
Ga jikin samfurin:
exports.onExecutePostLogin = async (wato, api) => {
idan (! Event.user.multifactor?. tsawon) {
api.multifactor.enable ('kowa', {bayar da Tunatarwa: ƙarya});
}
};
Me ke faruwa da gaske a nan: Idan babu wasu abubuwan MFA da aka yi rajista, ƙyale mai amfani da ku ya yi rajista a cikin duk abin da kuka samar.
Samfurin shine farkon kawai - Bari mu kalli taron da abubuwan api:
The abu taron yana da sigogi daban-daban da yawa, waɗanda suka haɗa da bayanai game da mai amfani, waɗanda zaku iya amfani da su don keɓance buƙatun ku na MFA; a wannan yanayin, muna jefa kuri'a nau'ikan abubuwan MFA masu samuwa, event.user.multifactor?. tsayin , kuma idan babu (!) da aka yi rajista, ci gaba da yin rajista.
Yi la'akari da buƙata ko ƙayyadaddun masu samarwa daban-daban ta hanyar API abu - abubuwan sun haɗa da: duo, google-authenticator, mai kulawa.
api.multifactor.enable (mai bayarwa, zaɓuɓɓuka)
Zaɓuɓɓuka kamar allowRememberBrowser yana ƙayyade idan ya kamata a tuna da mai binciken, ta yadda masu amfani za su iya tsallake MFA daga baya. Wannan zaɓin boolean ne, kuma tsohowar ƙarya ce. Za ka iya gyara wannan zaɓi ta API ɗin gudanarwa.
Ta hanyar turawa, sannan jawowa da jefar da sabon aikin ku cikin kwararar shiga (Ayyuka > Yawo > Shiga) da zabar Aiwatar, masu amfani da ku yanzu ana buƙatar yin rajista a cikin MFA:
Maimaita matakin da ke sama a duk lokacin da kake son ƙara wani Aiki zuwa faɗakarwa a cikin bututun tantancewa.
Samun daidaitawa tare da MFA ɗin ku
Kewaya zuwa Tsaro > Tabbatar da abubuwa da yawa, kuma zaɓi abubuwan da kuke son kasancewa ga masu amfani da ƙarshenku.
Gungura ƙasa zuwa Ƙarin Zaɓuɓɓuka, kuma kunna zaɓi zuwa Keɓance Abubuwan MFA ta amfani da Ayyuka. Wannan yana ba ku damar ƙara dabaru na Ayyukan Aiki tare da bayanan mu na adaftar MFA ML na waje.
Anan akwai wasu mahimman bayanan da za a yi la'akari da su game da ma'amalar mai amfani yayin yin codeing don dacewa da littattafan wasan ku na tsaro:
- Wadanne yanayi nake buƙatar mai amfani na don sake tabbatarwa?
- Ta yaya bayanin zaman su ke da mahimmanci idan ana batun gudanar da wani ciniki?
- Wadanne hane-hane na manufofin kamfani ke fassara zuwa manufofin aikace-aikace?
Tare da waɗannan la'akari, bari mu yi tafiya, mataki-mataki, yadda ake aiwatar da MFA mai daidaitawa tare da samfuran Ayyuka.
Samfura #2
Fara MFA lokacin da yanayin ya cika
Wannan samfuri yana yin amfani da maƙiyan haɗari / amincewar MFA ɗin mu - dangane da kimanta haɗarin, kuna iya yuwuwar kiyaye miyagu ƴan wasan kwaikwayo, amma kuma gina dangantakar tsaro tare da abokan cinikin ku don ba da kanku tare da wani abu a yayin da aka gano sabon hali ko mara kyau.
A cikin wannan samfuri, sabon na'ura shine yanayin da aka tantance don ƙarin tsokaci na MFA; kana da wadannan abubuwan kima na haɗari akwai don jefa kuri'a makin amincewa:
- Sabuwar Na'ura
- Tafiya Ba Zai yuwu ba
- Ba amintacce IP
- Lambar tarho
Hakanan kuna iya haɗa ƙima don yanke shawara game da sakamakon Action; domin misaliample, idan ba zai yiwu tafiya ya faru, za ka iya toshe ma'amalar mai amfani gaba ɗaya.
exports.onExecutePostLogin = async (wato, api) => {
// Yanke shawarar wanne ƙididdigar amincewa da zai jawo MFA, don ƙarin
bayani koma zuwa
// https://auth0.com/docs/secure/multi-factor-authentication/adaptivemfa/
customize-adaptive-mfa#aminci-maki
const QuickConfidences = ['ƙananan', 'matsakaici'];
// ExampLe yanayin: MFA mai sauri kawai bisa NewDevice
// matakin amincewa, wannan zai faɗakar da MFA lokacin da mai amfani ke shiga
in
// daga na'urar da ba a sani ba.
amincewa =
Event.authentication?.Kididdigar haɗari?.kimanin?.Sabuwar Na'ura
?. amincewa;
const shouldPromptMfa =
amincewa && gaggawaConfidences.ya haɗa da (aminci);
// Yana da ma'ana kawai don faɗakarwa ga MFA lokacin da mai amfani yana da aƙalla
daya
// MFA factor.
const canPromptMfa =
event.user.multifactor && event.user.multifactor.tsawon > 0;
idan (yakamataPromptMfa && canPromptMfa) {
api.multifactor.enable ('kowa', {bayar da Tunatarwa: gaskiya});
}
};
Samfura #3
Ƙaddamar da MFA lokacin da IP mai neman ya fito daga waje takamammen kewayon IP
Wannan samfuri yana ƙuntata damar zuwa aikace-aikacen da aka bayar don faɗi, cibiyar sadarwar kamfani, da yana amfani da ɗakin karatu na ipaddr.js don tantance IPs, kuma, a wannan yanayin, kunna sanarwar turawa ta hanyar Guardian:
exports.onExecutePostLogin = async (wato, api) => {
const ipaddr = bukata ('ipaddr.js');
// sami amintaccen CIDR kuma tabbatar yana aiki
const corp_network = event.secrets.TRUSTED_CIDR;
idan (!corp_network) {
mayar api.access.deny('Invalid configure');
}
// raba buƙatun IP daga kuma tabbatar yana aiki
bari current_ip;
gwada {
current_ip = ipaddr.parse(event.request.ip);
} kama (kuskure) {
mayar api.access.deny ('Buƙatar mara inganci');
}
// bincika CIDR kuma tabbatar da inganci
da cidr;
gwada {
cidr = ipaddr.parseCIDR(corp_network);
} kama (kuskure) {
mayar api.access.deny('Invalid configure');
}
// tilasta MFA mai kulawa idan IP ɗin baya cikin amintaccen rabo
idan (!current_ip.match(cidr)) {
api.multifactor.enable ('mai kula', {bayar da Tunatarwa: ƙarya});
}
};
Samfura #4
Bukatar MFA sau ɗaya a kowane zama
Wannan samfuri yana yin wani abu kaɗan daban da sauran.
Maimakon kiyaye masu amfani, wannan tsarin yana taimaka muku cimma nasara Tantance shiru, wanda ke goyan bayan mai amfani don aiwatar da zaman su daga wuraren da suka saba da burauza ba tare da an sa su ga MFA ba.
exports.onExecutePostLogin = async (wato, api) => {
// idan tsararrun hanyoyin tantancewa suna da inganci kuma sun ƙunshi a
Hanyar mai suna 'mfa', an riga an yi mfa a cikin wannan zaman
idan (
!hakika.tabbatacce ||
!Array.isArray(hasuwar.Tabbacinta.hanyoyi) ||
!event.authentication.methods.find ((hanyar) => hanya.name === 'mfa')
) {
api.multifactor.enable ('kowa');
}
};
Takaitawa
Samfuran mu sun rufe yadda ake tilasta MFA akan rajista, a wajen hanyar sadarwar kamfani, kowane zama, da farkon aiwatar da MFA mai daidaitawa.
Duk waɗannan samfuran suna ba da ikon yadda Login Universal ɗinmu ke aiki a cikin mahallin tabbatarwa daban-daban, wanda ke nufin zaku iya barin UX gare mu.
Tare da Ayyuka, zaku iya ƙirƙirar gabaɗayan guduwar tsaro don dacewa da shari'o'in amfani da tsaro na ƙungiyar ku, da kuma kawar da saɓani ga halaltattun masu amfani waɗanda ke kan sikelin dogaro.
Game da Okta
Okta shine Kamfanin Identity na Duniya. A matsayinmu na jagora mai zaman kansa abokin tarayya, muna ba kowa damar yin amfani da kowace fasaha cikin aminci - a ko'ina, akan kowace na'ura ko app. Mafi amintattun samfuran samfuran sun amince da Okta don ba da damar shiga mai tsaro, tantancewa, da aiki da kai. Tare da sassauci da tsaka-tsaki a cikin ainihin Okta Workforce Identity da Abokin Ciniki Clouds, shugabannin kasuwanci da masu haɓakawa za su iya mayar da hankali kan ƙididdigewa da haɓaka canjin dijital, godiya ga hanyoyin da za a iya daidaitawa da fiye da 7,000 da aka riga aka gina. Muna gina duniya inda Identity na ku ne. Ƙara koyo a okta.com.
Auth0 fasaha ce ta tushe ta Okta da layin samfurin sa - Okta Identity Identity Cloud. Masu haɓakawa za su iya ƙarin koyo da ƙirƙirar asusu kyauta a Auth0.com.
Takardu / Albarkatu
 |
okta Adaptive Multi Factor Authentication App [pdf] Jagorar mai amfani Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararren Ƙwararrun Ƙwararrun Ƙwararru, App |
