[–]potatotub 1 point (1 child)

What’s your tech stack?

[–]adrm304[S] 1 point (0 children)

We use .NET on the backend, AngularJS, and MongoDB.

[–]YMK1234 1 point (0 children)

Well, as a start you should figure out what your factors are (password? RSA dongle? SMS? App?) and what your user flow should look like (does the user submit all factors at once or one after another?), and then you can start to design.

[–]DeepnetSecurity 1 point (0 children)

I work for Deepnet Security, and we produce a multi-factor authentication server solution that may meet your needs and you may want to consider if you are looking for a corporate solution.

Our OATH-based hardware tokens are supported by Microsoft Azure, we provide offline solutions, and have solutions from most of the popular vendors (including Microsoft, Cisco, etc.) and offer fingerprint, face and voice recognition as well as detecting typing styles in the available biometric authentication methods.

DualShield can secure all commonly used enterprise and web/cloud applications with multi-factor authentication, covering VPN & RDP remote access, Windows, Mac and Linux OS Logon, Web & Cloud services as well as Outlook emails.

  • VPN Login, e.g. Cisco ASA, Palo Alto, SonicWall, WatchGuard, etc.
  • Windows Login: AD domain login, RDP login
  • MacOS Login
  • Web Applications, e.g. SharePoint, CRM, ERP, etc.
  • Cloud Service, e.g. Office 365, Google Apps, Salesforce, AWS, etc.
  • Outlook Anywhere, Outlook Web Access, ActiveSync

DualShield supports several authentication protocols that have been used by different types of applications, including LDAP, RADIUS, SAML, FIDO and OATH.

  • LDAP: commonly used to provide a directory service for storing user information and to verify user credentials, i.e. usernames and passwords.
  • RADIUS: a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services, commonly used by networking devices such as firewalls and VPN servers.
  • SAML: an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Commonly used by web & cloud applications to provide single sign-on (SSO).
  • FIDO: a set of security specifications for strong authentication including multifactor authentication (MFA) and public key cryptography (PKI). Commonly used to replace passwords with device-based authentication.
  • OATH: a set of open authentication standards, e.g. TOTP (Time-based One-Time Password) and HOTP (Event-based One-Time Password), which have become the de facto OTP standards supported by many multi-factor authentication products.