MFA via external service
About
Multi Factor Authentication can be used with external services.
There are two possible scenarios:
- The external service provides the MFA PIN. Once the user has entered the MFA PIN in the login dialog, it is sent to the external service for validation.
- The user logs in with his credentials and the VISULOX Service waits for the answer from the external service. The external service checks the login and reports the result back to VISULOX.
Configuration
A Login Policy has to be created with the mode: MFA via external Service
The PIN script for this policy has to be created and assigned, for example:
# exitcode 0: script ran without error
# any other exitcode: script error
# State results on stdout
# echo "ok:a free text (currently not seen by the user)"
# echo "request: Message in the login dialog"
# echo "denied: Message in the login dialog"
#
# environment as variables, see documentation
# Example with pin request:
examplePinRequest () {
    if [[ "$VLXPIN" = "1234" ]]
    then
        echo "ok:any text ..."
    elif [[ "$VLXPIN" = "NULL" ]] || [[ "$VLXPIN" = "" ]]
    then
        echo "request: ... enter pin ..."
    else
        echo "denied: ....pin is wrong...."
    fi
}
# Example with login confirmed by the external service:
exampleLoginConfirmed () {
    # "external service" is a placeholder for the command that queries the external service
    local result=$( external service)
    [[ -z "$result" ]] && echo "ok" || echo "failed:$result"
    exit 0
}
#examplePinRequest
#exampleLoginConfirmed
echo "denied: modify template script"
exit 0
This script has to be adjusted according to the needs of the external service.
In the example the section examplePinRequest has to be adjusted for the first method, where the MFA PIN is provided by the external service.
For the second method, where the user logs in with his credentials, the section exampleLoginConfirmed has to be adjusted.
If the external service takes time to respond, the proxy timeout setting has to be adjusted on the VISULOX GATEWAY.
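A sketch of the first method as a PIN script. This is an added example, not VISULOX code. It produces the request/ok/denied states from the template and refuses the login when the external service cannot be reached, so an error or empty response is never read as success. The function validate_pin, the MFA_STUB_* variables, the exit code contract and the 4 to 8 digit PIN format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not VISULOX code. Emits the ok/request/denied states of the
# template above for the first method (PIN checked by the external service).

# Hypothetical hook: replace the body with the real call to the MFA service.
# Contract assumed here: exit 0 = PIN accepted, 1 = PIN rejected,
# anything else = service error or timeout.
# Constructed stand-in so the example runs offline (MFA_STUB_* are made up).
validate_pin () {
    [ "$MFA_STUB_MODE" = "down" ] && return 2
    [ "$1" = "$MFA_STUB_PIN" ]
}

pin_state () {
    pin=$1
    # As in the template: "NULL" or empty means no PIN was entered yet.
    if [ -z "$pin" ] || [ "$pin" = "NULL" ]; then
        echo "request: Enter the PIN from your MFA service"
        return 0
    fi
    # Assumed PIN format: 4 to 8 digits. Anything else never reaches the service.
    case "$pin" in
        *[!0-9]*) echo "denied: Invalid PIN format"; return 0 ;;
    esac
    if [ "${#pin}" -lt 4 ] || [ "${#pin}" -gt 8 ]; then
        echo "denied: Invalid PIN format"
        return 0
    fi
    rc=0
    validate_pin "$pin" || rc=$?
    case "$rc" in
        0) echo "ok:PIN accepted by external service" ;;
        1) echo "denied: PIN is wrong" ;;
        # Fail closed: an unreachable service must not let the login through.
        *) echo "denied: MFA service unavailable" ;;
    esac
    return 0
}

# The script itself always ends with exit code 0; the state is on stdout.
pin_state "${VLXPIN:-}"
```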
External MFA via email with action links
It is also possible to send a mail to the user once he has entered his username and password on the login page.
In this mail the user can click on Click to Confirm and his Workspace will be opened in his browser.
For this setup an example script is available, use:
sh /opt/visulox/setup/actionscripts/mfaConfirmationViaEmailLink.sh setup
With this setup:
- The webservice is enabled and started
- An actionscript for external MFA via email link is added. Within this script, $VLXUTIL/confirmStatus.tcl -uuid $VLXACKNOWLEDGEUUID is used for external MFA via email links.
- An example Login Policy for external MFA is added and the actionscript is assigned


User login
After the user assigned to this Login Policy has entered his credentials, the following page is displayed:

The user will get the following mail, where he can confirm the login:

After confirmation the Workspace is opened directly.