on 07-01-2021 10:12 AM
Hello
Context: I have a BTP subaccount using a SAP Authentication Service tenant to maintain user access to our custom applications. We need to send a validation code at the first connection of the users to confirm their phone number.
I saw there is a configuration menu in the IAS tenant to use an MFA service (with sms validation code)
I learned SAP sold his MFA solution to Synch. But is it possible to use another service for MFA and sending SMS ? If so how can I do that? is there a standard for MFA Api that will be compatible with the built-in configuration interface?
Thanks for your help.
Hello nerevar,
Currently, only Sinch Authentication 365 is supported as MFS using SMS via Identity Autehntication.
Best regards,
Istvan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maxime,
you could revisit your requirement of validating the phone number to maybe validate the email address? Or you consider rolling out a OTP generator - also supported - but that would kind of enforce a 2FA for every login. This might then be used with oAuth to extend the session validation and avoid constant OTP code entry.
With a bit of reengineering, you might want to point the outbound IAS SMS to a middle ware service. I do believe, this outbound call is some kind of REST call or the like - nothing fancy at least. Point it to your own service and translate it into a call to your SMS service of your choice. It is not elegant, require some work, but I guess it won`t get much better at the moment I guess.
Or you naturally can sign up with our ex-colleagues at SINCH.
Cheers,
Dirk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I had thought about that but I was worried that the "hack" of putting a middleware as a proxy to the existing interface with Synch and redirecting to another service might not work, or at least be a bit to much of engineering. If there is nothing fancy there then I might reconsider this solution also.
Thanks for the input.
nerevar You are spot on - such a proxy would be kind of a hack, it introduces more moving parts that can fail and might even add more security risk surface. As this SMS verification is intended to make things more secure, you should at least consider reaching out to the SINCH people, get a price indication and have your management do that make or buy decision. 😄
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.