Malangizo Othandizira
Pangani MFA yanu yosinthika ndi ma tempulo a zochita
Mbiri
Adaptive multi-factor authentication (MFA) imachepetsa mikangano kwa ogwiritsa ntchito ovomerezeka powunika ngozi zomwe zimachitika pogwiritsa ntchito makina ophunzirira makina (ML) ma aligorivimu, kotero kuti ogwiritsa ntchito odziwika pamabwalo awo omwe amaponderezedwa nthawi zonse amatsatiridwa mwachangu papulatifomu yanu.
Koma, zimatenga nthawi kuti mupange injini yachiwopsezo kuyambira pachiyambi, ndikupeza MFA yoyenera kungapangitse kusiyana pakati pa kumanga chidaliro cha ogula, ndi wosuta kusiya nsanja yanu chifukwa panali masitepe ambiri oti alowemo.
Kuti akhazikitse Adaptive MFA, Okta CIC ili ndi zida zodalirika za ML zomwe zikupezeka kunja kwa bokosi kuti zigwirizane ndi zomwe mukufuna pakuwunika kwanu, kuti muwongolere UX ndi chitetezo kwa onse ogwiritsa ntchito omwe akufuna kugwiritsa ntchito nsanja yanu.
Mutha kugwiritsa ntchito kuwerengera kwa ML ndi Actions, ndikupanga pulogalamu yanuyanu ya Adaptive MFA yomwe imathetsa malo osawona omwe MFA yoyimilira ingaphonye, monga:
- Kodi mumasunga bwanji magawo ovomerezeka a ogwiritsa ntchito osasokonezedwa koma amaletsa magalimoto osafunikira?
- Kodi ndi liti pamene kuli koyenera kufotokoza mfundo yachiŵiri kapena yachitatu?
- Ndi chiyani chomwe chimatengedwa kuti ndicho maziko otetezera nsanja yanu ndi MFA?
Mu positi iyi tikambirana momwe tingagwiritsire ntchito Zochita, ndi ma templates ati omwe akupezeka m'bokosilo kuti agwire bwino ntchito ikafika pakuchita bwino kwa MFA.
Monga gawo lachikhazikitso chathu chowonjezera, Zochita ndi malingaliro okokera-ndi-kugwetsa ovomereza-code/no-code omwe mungasinthire makonda anu ndikuphatikiza komwe kumayamba ndi Identity.
Zochita zimakulolani kuti muwonjezere khodi ku mfundo zofunika paipi yotsimikizira ndi javascript - ndi ma module a 2M+ npm omwe muli nawo.
Zochita zimakuphunzitsani momwe mungagwiritsire ntchito mphamvu za Zochita, ndikufika pamsika mwachangu kuposa mpikisano, kuthana ndi zochitika zomwe zimagwiritsidwa ntchito wamba zomwe zili zofunika m'mabungwe masiku ano.
Chithunzi #1
Pamafunika kulembetsa MFA
Kulembetsa ndi mwayi wapadera wopatsa ogwiritsa ntchito chisankho akafuna kutsimikizira.
Kutengera kutsimikizika kwa wogwiritsa ntchito, mumachepetsa mikangano kwa iwo, ndikuwapangitsa kuti azikwera ndi chitetezo chanu.
Tiyeni tiyambe ndi Amafunika Kulembetsa MFA Ntchito template.
Yendetsani ku Zochita> Laibulale> Mangani kuchokera ku Template.
Nali thupi la template:
exports.onExecutePostLogin = async (chochitika, api) => {
ngati (!event.user.multifactor?.utali) {
api.multifactor.enable('aliyense', { allowRememberBrowser: false });
}
};
Zomwe zikuchitika apa: Ngati palibe zinthu za MFA zomwe zalembetsedwa, lolani wosuta wanu kulembetsa chilichonse chomwe mungapatse.
Template ndi chiyambi chabe - Tiyeni tiwone zochitika ndi zinthu za api:
The chinthu chochitika ili ndi magawo ambiri osiyanasiyana, omwe akuphatikizapo zambiri za wogwiritsa ntchito, zomwe mungagwiritse ntchito kuti musinthe zofunikira zanu za MFA; pankhaniyi, tikusankha zinthu zambiri zomwe zilipo za MFA, chochitika.user.multifactor?.utali , ndipo ngati palibe (!) olembetsa, pitilizani kulembetsa.
Lingalirani zofunikila kapena kutchula opereka osiyanasiyana kudzera pa chinthu cha API - zinthu zikuphatikiza: awiri, google-authenticator, Guardian.
api.multifactor.enable(wopereka, zosankha)
Zosankha monga allowRememberBrowser zimatsimikizira ngati osatsegula ayenera kukumbukiridwa, kuti ogwiritsa ntchito athe kudumpha MFA pambuyo pake. Ichi ndi boolean chosasankha, ndipo chosasinthika ndichabodza. Mutha sinthani izi kudzera mu kasamalidwe ka API.
Potumiza, kenako kukokera ndikugwetsa zochita zanu zatsopano mumayendedwe olowera (Zochita> Mayendedwe> Lowani) ndikusankha Ikani, ogwiritsa ntchito anu tsopano akuyenera kulembetsa ku MFA:
Bwerezaninso sitepe yomwe ili pamwambapa nthawi iliyonse yomwe mukufuna kuwonjezera Action pachoyambitsa paipi yotsimikizira.
Kukhazikika ndi MFA yanu
Yendetsani ku Chitetezo> Multi-Factor Authentication, ndikusankha zinthu zomwe mukufuna kuti zipezeke kwa ogwiritsa ntchito.
Mpukutu pansi mpaka Zosankha Zowonjezera, ndikusintha kusankha kuti Sinthani Mwamakonda Anu Zinthu za MFA pogwiritsa ntchito Zochita. Izi zimakupatsani mwayi wowonjezera malingaliro anu a Actions ndi nzeru zathu zakunja kwa bokosi Adaptive MFA ML.
Nazi zina mwazinthu zofunika kuziganizira pakuchita kwa wogwiritsa ntchito polemba zolemba kuti zifanane ndi mabuku anu ochezera achitetezo:
- Ndi zinthu ziti zomwe ndikufunika kuti wogwiritsa ntchito atsimikizirenso?
- Kodi zambiri za gawo lawo zimakhudzidwa bwanji ikafika pakuchita zomwe zaperekedwa?
- Ndi zoletsa ziti zamakampani zomwe zimatanthauziridwa kukhala malamulo ogwiritsira ntchito?
Poganizira izi, tiyeni tidutse, pang'onopang'ono, momwe tingagwiritsire ntchito Adaptive MFA yokhala ndi ma templates a Actions.
Chithunzi #2
Yambitsani MFA pamene mkhalidwe wakwaniritsidwa
Template iyi imagwiritsa ntchito kuwongolera kwathu kwa Adaptive MFA pachiwopsezo / chidaliro - kutengera kuwunika kwachiwopsezo, mutha kuletsa omwe akuchita zoyipa, komanso kupanga ubale wachitetezo ndi makasitomala anu kuti adziperekere nokha ndi chinthu china chomwe chadziwika kapena chodabwitsa.
Mu template iyi, newDevice ndiye mkhalidwe womwe umayesedwa pazowonjezera za MFA; muli ndi zotsatirazi zinthu zowunika zoopsa kupezeka kuti muvotere mfundo zodalirika:
- NewDevice
- ImpossibleTravel
- OsadalirikaIP
- Nambala yafoni
Mutha kuphatikizanso zowunikira kuti mutsimikizire za zotsatira za Action; za example, ngati kuyenda kosatheka kumachitika, mutha lembani ntchito ya wogwiritsa ntchito palimodzi.
exports.onExecutePostLogin = async (chochitika, api) => {
// Sankhani zomwe zikhulupiliro ziyenera kuyambitsa MFA, kuti mumve zambiri
zambiri tchulani
// https://auth0.com/docs/secure/multi-factor-authentication/adaptivemfa/
customize-adaptive-mfa#confidence-scores
const promptConfidences = ['otsika', 'wapakatikati'];
// Exampchikhalidwe: yambitsani MFA potengera NewDevice
// mlingo wa chidaliro, izi zidzayambitsa MFA pamene wogwiritsa ntchito akudula mitengo
in
// kuchokera ku chipangizo chosadziwika.
Const confidence =
chochitika.chitsimikiziro?.mayesero angozi?.maunika?.NewDevice
?.kukhulupirira;
const shouldPromptMfa =
chidaliro && promptConfidences.includes(chidaliro);
// Ndizomveka kulimbikitsa MFA pamene wogwiritsa ntchito ali ndi osachepera
imodzi
// adalembetsa MFA factor.
const canPromptMfa =
event.user.multifactor && event.user.multifactor.length > 0;
ngati (iyenera kuPromptMfa && canPromptMfa) {
api.multifactor.enable('aliyense', { allowRememberBrowser: true });
}
};
Chithunzi #3
Yambitsani MFA pamene IP yopempha ikuchokera kunja kwa ma IP osiyanasiyana
Template iyi imaletsa mwayi wopezeka ku pulogalamu yomwe yapatsidwa kunena, netiweki yamakampani, ndi amagwiritsa ntchito laibulale ya ipaddr.js kuwona ma IP, ndipo, pamenepa, yambitsani chidziwitso chokankhira kudzera pa Guardian:
exports.onExecutePostLogin = async (chochitika, api) => {
const ipaddr = amafuna('ipaddr.js');
// pezani CIDR yodalirika ndikuwonetsetsa kuti ndiyovomerezeka
const corp_network = event.secrets.TRUSTED_CIDR;
ngati (!corp_network) {
bwererani api.access.deny('Masinthidwe osavomerezeka');
}
// fotokozani pempho la IP kuchokera ndikuwonetsetsa kuti ndilovomerezeka
lolani current_ip;
yesani {
current_ip = ipaddr.parse(event.request.ip);
} gwira (cholakwika) {
bwererani api.access.deny('Pempho losavomerezeka');
}
// perekani CIDR ndikuwonetsetsa kuti ndiyovomerezeka
lekani cidr;
yesani {
cidr = ipaddr.parseCIDR(corp_network);
} gwira (cholakwika) {
bwererani api.access.deny('Masinthidwe osavomerezeka');
}
// tsatirani MFA wothandizira ngati IP siidali yodalirika
ngati (!current_ip.match(cidr)) {
api.multifactor.enable('Guardian', { allowRememberBrowser: false });
}
};
Chithunzi #4
Pamafunika MFA kamodzi pa gawo
Template iyi imachita zosiyana pang'ono ndi zina.
M'malo moletsa ogwiritsa ntchito, kasinthidwe uku kumakuthandizani kukwaniritsa kutsimikizika kwachete, yomwe imathandizira wogwiritsa ntchito kuti azichita gawo lawo kuchokera pakusakatula kwawo kwanthawi zonse popanda kufunsidwa MFA.
exports.onExecutePostLogin = async (chochitika, api) => {
// ngati mndandanda wa njira zotsimikizira ndizovomerezeka ndipo zili ndi a
njira yotchedwa 'mfa', mfa yachitika kale mu gawoli
ngati (
!chochitika.kutsimikizika |
!Array.isArray(event.authentication.methods) ||
!event.authentication.methods.find((njira) => method.name === 'mfa')
) {
api.multifactor.enable('aliyense');
}
};
Chidule
Ma tempuleti athu adafotokoza momwe mungakhazikitsire MFA pakulembetsa, kunja kwa netiweki yamakampani, gawo lililonse, komanso zoyambira pakukhazikitsa kwa MFA.
Ma tempuleti onsewa amathandizira momwe Universal Login yathu imagwirira ntchito pazotsimikizika zosiyanasiyana, zomwe zikutanthauza kuti mutha kutisiyira UX.
Ndi Zochita, mutha kupanga njira zonse zachitetezo kuti zigwirizane ndi momwe gulu lanu limagwiritsira ntchito chitetezo, ndikuchotsanso mikangano kwa ogwiritsa ntchito ovomerezeka omwe ali odalirika kwambiri.
Za Okta
Okta ndi World Identity Company. Monga bwenzi lodziyimira palokha la Identity, timamasula aliyense kuti agwiritse ntchito ukadaulo uliwonse mosatetezeka - kulikonse, pachida chilichonse kapena pulogalamu iliyonse. Magulu odalirika kwambiri amakhulupirira Okta kuti azitha kupeza mwachitetezo, kutsimikizira, ndi makina opangira okha. Ndi kusinthasintha komanso kusalowerera ndale pakatikati pa Okta Workforce Identity ndi Customer Identity Clouds, atsogoleri abizinesi ndi omanga atha kuyang'ana kwambiri zaluso komanso kufulumizitsa kusintha kwa digito, chifukwa cha mayankho omwe mungasinthire makonda ndi kuphatikiza kopitilira 7,000 komwe kudapangidwa kale. Tikupanga dziko lomwe Identity ndi yanu. Dziwani zambiri pa okta.com.
Auth0 ndiukadaulo woyambira wa Okta komanso mzere wake wapamwamba kwambiri - Okta Customer Identity Cloud. Madivelopa atha kuphunzira zambiri ndikupanga akaunti kwaulere pa Auth0.com.
Zolemba / Zothandizira
 |
okta Adaptive Multi Factor Authentication App [pdf] Buku Logwiritsa Ntchito Adaptive Multi Factor Authentication, Adaptive Multi Factor Authentication App, App |
