MFA Manager Guide

The manager is the person who manages the permissions and requests for permission relating to one or more domains.

Manage permissions

Permissions are the entities that declare which URLs (i.e. schema://domain/path), among those managed by the manager, must be protected by MFA.

Permission management table legend:

  1. Domain: domain where the permission is applied
  2. Description: description of the rule
  3. Code: permission code; it must be explanatory and meaningful so that it is also clear to the user
  4. Regex: regular expression of the permission

⚠️ The same regex must be applied on Oplon ADC through customization of the rule rewrite header: 2faGeneric.

  5. Order: order of execution of the permission. The order of execution is a natural number. Higher numbers identify priority in the execution of regexes. For example, the regex .* of a first permission also matches the path /test of a second permission. For this reason, without a correct order of the regexes, the .* rule will continue to trigger for /test as well. If, on the other hand, the execution order is indicated correctly, that is, .* is assigned execution order 1 and /test is assigned execution order 2, the permissions will trigger correctly: for a path /test, only the permission with regex /test and the permission with regex .* will trigger.
  6. App access: if the flag is set to true, login via app is enabled
  7. Email access: if the flag is set to true, login via email is enabled
  8. Default starting date: default start of the permission, before which it will not be active (can be overridden)
  9. Default expiration date: default expiration of the permission, after which it will no longer be active (can be overridden)
  10. Default starting time interval (UTC): start time (e.g. 9am) (can be overridden)
  11. Default expiration time interval (UTC): expiration time (e.g. 8pm) (can be overridden)
  12. Groups Tags: a declarative field that allows you to send information to the protected application (endpoint application). It is a CSV field; it can be populated with strings separated by commas.
  13. Actions: edit or delete
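
The ordering problem described under Order can be checked before a table is saved. The following is an added example, not Oplon code: it assumes a simplified model in which the regex must match the whole path and, among matching permissions, the one with the highest order takes effect. The permission codes and sample paths are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    code: str    # permission code (constructed sample values below)
    regex: str   # regex matched against the whole request path (assumption)
    order: int   # higher number = higher priority, as stated above

def select(permissions, path):
    """Return the matching permission with the highest order, or None."""
    matching = [p for p in permissions if re.fullmatch(p.regex, path)]
    return max(matching, key=lambda p: p.order, default=None)

def shadowed(permissions, sample_paths):
    """Codes of permissions that match a sample path but never take effect."""
    winners = {select(permissions, path) for path in sample_paths}
    return sorted(
        p.code for p in permissions
        if p not in winners
        and any(re.fullmatch(p.regex, path) for path in sample_paths)
    )

# Constructed tables using the two regexes from the Order description.
MISORDERED = [Permission("ALL_PATHS", r".*", 2), Permission("TEST_AREA", r"/test", 1)]
ORDERED = [Permission("ALL_PATHS", r".*", 1), Permission("TEST_AREA", r"/test", 2)]
SAMPLE_PATHS = ["/test", "/home"]

if __name__ == "__main__":
    for name, table in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name, "-> shadowed:", shadowed(table, SAMPLE_PATHS))
        for path in SAMPLE_PATHS:
            print("  ", path, "->", select(table, path).code)
```

A non-empty result from `shadowed` means a narrower permission is being overridden by a broader one and the order values need to be swapped.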

Management of permission requests

In this table the manager has the possibility to perform actions on user permission requests.

Permission requests in this table can be in one of the following states:

  • Pending: awaiting an action by the manager
  • Granted (Accepted): accepted by the manager
  • Denied: rejected by the manager

For Granted permission requests, it is possible to modify the permission request by entering:

  1. Username: username of the user making the permission request
  2. Email: email of the user making the permission request
  3. Code: permission code; it must be explanatory and meaningful so that it is also clear to the user (inherited from permission)
  4. Domain: domain where the permission is applied (inherited from permission)
  5. Description: description of the rule (inherited from permission)
  6. Starting date: start of the permission, before which it will not be active (overrides the default)
  7. Expiration date: expiration of the permission, after which it will no longer be active (overrides the default)
  8. Starting time interval (UTC): start time (e.g. 9am) (overrides the default)
  9. Expiration time interval (UTC): expiration time (e.g. 8pm) (overrides the default)
  10. Groups Tags: in this field, some or all of the Groups Tags declared for the permission in the Permission Management table can be inserted through multiple selection
  11. ID (impersonification): a declarative field that allows you to send information to the application protected by MFA (endpoint application).
  12. Actions: grant, refuse or edit a permission request