Setting up MFA

With 2024.1, we've added multi-factor authentication (MFA).
When it is in use, external users need to log in with an extra verification step: they receive a code by email, which the app checks before allowing access. The MFA connection itself is treated as the Wedia SSO.

To enable this feature on your project, create a new SSO service called mfa (or any name you prefer; keep in mind that the name you choose will be displayed on the BO login) and configure it as a redirection to “/sso/login.jspz”.

Then switch the value of the parameter com.wedia.mfa.MFAConfig.SigninWithoutMFAAvailable, which you can find in WXM_BO_Options.

When signing in without MFA is not available, logging in to the app must be done through SSO or MFA: the login form is no longer presented, and REST sign-ins by login and password are rejected.

If external applications (such as PIM applications) use REST sign-in with a login and password to access your DAM, and the parameter com.wedia.mfa.MFAConfig.SigninWithoutMFAAvailable is set to false, these external applications will no longer be able to authenticate to your DAM.

Applicative sign-in remains available even if com.wedia.mfa.MFAConfig.SigninWithoutMFAAvailable is set to false.

To finish the MFA configuration, add an SSO decorator in the REST API admin.

Create a decorator for the mfa provider (or the “providerName” provider), and add one additional property:

{ "isMfaProvider": true }