Multi Factor Authentication (MFA)
Manager Guide

MFA Manager Guide

The manager is the person who manages the permissions and requests for permission relating to one or more domains.

Manage permissions

Permissions are the entities that declare which URLs (i.e. scheme://domain/path), among those managed by the manager, must be protected by MFA.

Permission management table legend:

  1. Domain: domain to which the permission applies
  2. Description: description of the rule
  3. Code: permission code; it must be explanatory and meaningful so that it is also clear to the user
  4. Regex: regular expression of the permission
⚠️ The same regex must be applied on Oplon ADC through customization of the rule rewrite header: 2faGeneric.

  5. Order: execution order of the permission. The execution order is a natural number; higher numbers identify priority in the execution of the regexes. The first permission, .*, contains the second, /test. For this reason, without a correct order of the regexes, the .* rule will continue to trigger for /test as well. If, on the other hand, the execution order is indicated correctly, that is, .* is assigned execution order 1 and /test is assigned execution order 2, the permissions will trigger correctly: for a path /test it will trigger only the permission with regex /test and the permission with regex .*.
  6. App access: if the flag is set to true, login via app is enabled
  7. Email access: if the flag is set to true, login via email is enabled
  8. Default starting date: default start of the permission, before which it is not active (can be overridden)
  9. Default expiration date: default expiration of the permission, after which it will no longer be active (can be overridden)
  10. Default starting time interval (UTC): start time (e.g. 9am) (can be overridden)
  11. Default expiration time interval (UTC): expiration time (e.g. 8pm) (can be overridden)
  12. Groups Tags: a declarative field that allows you to send information to the protected application (endpoint application). It is a CSV field: it can be populated with strings separated by commas.
  13. Actions: edit or delete
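
The ordering rule described for the Order field can be checked before a rule set is saved. The following is an added example, not Oplon code. It assumes that permissions are tried from the highest order number down, that the first matching regex wins, and that the regex is matched against the whole path; the permission codes ALL and TEST, the sample paths and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional


class Permission(NamedTuple):
    code: str    # permission code (constructed sample value)
    regex: str   # regular expression of the permission
    order: int   # execution order; a higher number means higher priority


def resolve(permissions, path) -> Optional[Permission]:
    """Return the permission that triggers for `path`, or None.

    Assumed model: highest order number first, first full match wins.
    """
    for perm in sorted(permissions, key=lambda p: p.order, reverse=True):
        if re.fullmatch(perm.regex, path):
            return perm
    return None


def shadowed(permissions, sample_paths):
    """Codes of permissions that never trigger for any of the sample paths."""
    hit = set()
    for path in sample_paths:
        perm = resolve(permissions, path)
        if perm is not None:
            hit.add(perm.code)
    return sorted(p.code for p in permissions if p.code not in hit)


# Constructed rule sets: the same two regexes with the order values swapped.
CORRECT = [Permission("ALL", ".*", 1), Permission("TEST", "/test", 2)]
WRONG = [Permission("ALL", ".*", 2), Permission("TEST", "/test", 1)]
SAMPLE_PATHS = ["/test", "/home"]

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("wrong", WRONG)):
        for path in SAMPLE_PATHS:
            print(name, path, "->", resolve(rules, path).code)
        print(name, "never triggers:", shadowed(rules, SAMPLE_PATHS))
```

A non-empty result from `shadowed` means a more specific permission is hidden behind a broader regex with a higher order number, which is the misordering the Order field description warns about.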

Management of permission requests

In this table the manager can perform actions on user permission requests.

Permission requests in this table can be in one of the following states:

  • Pending: awaiting an action by the manager
  • Granted (Accepted): accepted by the manager
  • Denied: rejected by the manager

For Granted permission requests, it is possible to modify the permission request by entering:

  1. Username: username of the user making the permission request
  2. Email: email of the user making the permission request
  3. Code: permission code; it must be explanatory and meaningful so that it is also clear to the user (inherited from the permission)
  4. Domain: domain to which the permission applies (inherited from the permission)
  5. Description: description of the rule (inherited from the permission)
  6. Starting date: start of the permission, before which it is not active (overrides the default)
  7. Expiration date: expiration of the permission, after which it will no longer be active (overrides the default)
  8. Starting time interval (UTC): start time (e.g. 9am) (overrides the default)
  9. Expiration time interval (UTC): expiration time (e.g. 8pm) (overrides the default)
  10. Groups Tags: in this field, some or all of the Groups Tags declared in the permission in the Permission Management table can be selected through multiple selection
  11. ID (impersonation): a declarative field that allows you to send information to the application protected by MFA (endpoint application).
  12. Actions: grant, refuse or edit a permission request