
Question

SMS MFA for Directory Server logins

asked one day ago

Hello Everyone 

I'm using an archiving system (Laserfiche) and need to enable multi-factor authentication (MFA) for login, specifically through a service that sends a verification code via mobile SMS.
Is there a way to integrate the archiving system with an SMS-based verification service?


Replies

replied one day ago

Hello Abdulrheem,

Your options for MFA in Laserfiche depend on the type of user accounts and identity provider(s) (IDPs) you have (or will have).

Laserfiche Directory Server supports TOTP (authenticator app code) MFA for "Laserfiche" users. See Enabling Multi-Factor Authentication. As that doc page says, "You may still configure MFA for SAML and Active Directory (AD) users through your identity provider." There is no SMS MFA option in Laserfiche itself, as SMS MFA is widely considered less secure. We understand there may sometimes be older requirements to have it but we're not going to add native support for an insecure MFA method. Some external references for that:

 

For SAML users, you may have an SMS MFA option from the SAML identity provider. In that case, the MFA happens during the SAML identity provider's authentication flow, entirely outside of Laserfiche.

For AD users, you can either:

  1. Use a 3rd party solution like Duo that enables MFA on AD logins (which happens outside of Laserfiche), or
  2. If AD users are sync'd to a SAML IDP like Microsoft Entra, Okta, etc., set up that SAML provider as a Linked Provider (see that section of Working with a SAML Identity Provider), and configure MFA on the SAML IDP as mentioned above.

Hope that information is helpful. I renamed the post title from "ask" to "SMS MFA for Directory Server logins" so it's more descriptive.

-Sam

replied 12 hours ago

Thank you, Sam, for the detailed and clear explanation.
Your response was very helpful and gave me a better understanding of the available options for MFA integration.
Much appreciated!

Best regards,
Abdulrheem Salah
