Setting up Two-Factor Authentication (TFA)

Overview

PAM360 stores sensitive administrative passwords of enterprise resources in encrypted form in the database. Access to the data was earlier restricted by a single level of authentication - local authentication of PAM360 or the authentication of third party identity stores like ActiveDirectory or LDAP.

To introduce an extra level of security, PAM360 provides two-factor authentication. Users will have to authenticate through two successive stages to access the PAM360 web-interface. While the first authentication will be through the usual native authentication or AD / LDAP, the second level of authentication could be one of the following:

  • Leveraging PhoneFacotor - a phone-based authentication service
  • Leveraging RSA SecurID authentication as the second level of authentication
  • A one-time, randomly generated unique password sent by PAM360 to the user by Email
  • Google Authenticator
  • RADIUS server or Any RADIUS-compliant Authentication
  • Duo security
  • YubiKey
  • Microsoft Authenticator
  • Okta Verify Authenticator

This section explains how to enable two-factor authentication in PAM360.

Enabling Two-factor Authentication

Enabling two-factor authentication in PAM360 consists of two steps:

  1. Setting up two-factor authentication
  2. Specifying users for whom the two-factor authentication is to be enforced

Note: Two-factor authentication will take effect only if both the two steps are performed. Also, two-factor authentication will be applicable only for the users for whom it is enforced through Step 2. All other users will be allowed to login to PAM360 through the usual way.

Two-factor Authentication Options

Before enabling the two-factor authentication, decide on the technology you wish to use. At present PAM360 supports TFA through the following options:

  1. PhoneFactor Authentication
  2. RSA SecurID
  3. Google Authenticator
  4. Microsoft Authenticator
  5. Okta Verify TFA
  6. RADIUS server or Any RADIUS-compliant Authentication
  7. Duo security TFA
  8. YubiKey
  9. One time password through Email

Click the respective links to know more and proceed setting up the required TFA technology.

©2019, ZOHO Corp. All Rights Reserved.

Top