2 of 2 people found this helpful
Remedy SSO supports two factor authentication - Double authentication - Documentation for BMC Remedy Single Sign-On 9.1 - BMC Documentation
Otherwise you will probably need a custom AREA plugin that uses the login page Authentication field to accept the additional login key and process it (Any idea on how to implement 2 factor authentication for users to login in through the mid tier? )
1 of 1 people found this helpful
Just a thought
Create a custom form to enter the authentication code.
Add two integer fields: one visible to the user to actually enter the code received on mobile.
The second is to generate a new code each time for that user. This code should be generated on the window open action, and the submit action should store that code right away (in the form record and eventually in the DB). Then the form should be reopened in modify mode.
You can write a particular formula, for example: multiply day * month * year * hour * time and take the last four digits of the result of the multiplication. This will give a different result each time.
Add another character field on the custom form to store the user's phone number, fetched from the People form.
On the submit action, write a filter to call Run Process to send an SMS to that phone number with the generated code. (There are different tools with which we can send SMS from Windows; you just need to call that run file through Run Process in the filter.)
Part 3) There should be some decided time during which this code will be active. You can write an escalation to delete this record, so that if the code is entered after the decided time, the login fails.
Part 4) Once the code is entered and the values match, put some text in a character field (name: Validation Text). This is required just to correctly authenticate the user and reroute to the actual home page.
Part 5) Write an active link on close window where you check whether the Validation Text field has the correct text set in Part 4; otherwise reroute back to the same form in modify mode again. Consider a scenario where the user is trying to route to the actual Remedy home page through the custom form. In this case, if the validation text is not right, they will be redirected again to the same page. Also, in the else part (where the validation text is correct), write an open window action to the landing console and close this custom form.
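An added example, not part of the original posts or of any BMC code: the date-product formula suggested above beside a code drawn from a CSPRNG, with the expiry from Part 3 and the match check from Part 4 enforced in one server-side place. `date_product_code`, `OtpStore`, the reading of "time" as the minute, and the in-memory dict standing in for the form records are assumptions made for illustration.

```python
import hmac
import secrets
import time
from datetime import datetime


def date_product_code(now: datetime) -> int:
    """Formula from the post; 'time' is read here as the minute (assumption)."""
    return (now.day * now.month * now.year * now.hour * now.minute) % 10000


class OtpStore:
    """Hypothetical server-side store: random code, expiry, single use, attempt cap.
    The dict stands in for the custom form's records."""

    def __init__(self, ttl_seconds=300, max_attempts=3, clock=time.monotonic):
        self.ttl, self.max_attempts, self.clock = ttl_seconds, max_attempts, clock
        self._records = {}  # user -> [code, expires_at, attempts_left]

    def issue(self, user: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, independent of the clock
        self._records[user] = [code, self.clock() + self.ttl, self.max_attempts]
        return code  # goes to the SMS/e-mail sender only, never to a client-visible field

    def verify(self, user: str, submitted: str) -> bool:
        rec = self._records.get(user)
        if rec is None:
            return False
        code, expires_at, attempts_left = rec
        if self.clock() > expires_at or attempts_left <= 0:
            del self._records[user]  # expired or locked out: a new code must be issued
            return False
        rec[2] -= 1
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._records[user]  # single use
            return True
        return False


if __name__ == "__main__":
    # Constructed timestamps: the formula depends only on the clock, so every
    # user gets the same code in the same minute, and hour 0 or minute 0 yields 0.
    print(date_product_code(datetime(2024, 5, 17, 10, 42)))
    print(date_product_code(datetime(2024, 5, 17, 0, 30)))
    store = OtpStore()
    otp = store.issue("alice")
    print(store.verify("alice", otp), store.verify("alice", otp))
```

As a later reply in this thread points out, the check only counts when it runs in the login path itself (RSSO or an AREA plugin), so `verify` models logic that belongs there rather than in an active link.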
I had done the following for a test. Please correct me where I am wrong:
1. I created a Regular form with Generated OTP, Mobile Number, Enter OTP, Validation Field and a Confirm_Login button.
2. When the user clicks the login button on the Remedy login.jsp page, he is directed to the Landing Console, hence I wrote an AL on the Landing Console on the Open Window action which opens my OTPCUSTOM form.
3. After that, on the custom form, the first active link will generate the OTP through an SQL set field command :"
and set this value to the "Generated OTP" field. It also sets the values of mobile number and email ID from the People form by using the USER ID.
4. The next active link, on window open itself, pushes the generated details to the same form and creates a new request.
5. Then a filter on submit will trigger an email to the user at his email ID. Right now I don't have any SMS gateway integration, so I am trying to use email communication.
6. The user will check the OTP from his email and enter it in the "Enter OTP" field on the same form.
7. If the OTP is valid, it will set the Validation Check field to Validated.
8. If validation is OK, the user will be redirected to the HOME PAGE through a RUN PROCESS command.
Kindly correct me if I am doing something wrong.
Also, I am facing a challenge if I write an AL on the Landing Console to open my OTP Custom field. We know that if users click on the Home page from the incident form or any other form, they will be redirected to the Landing Console; hence, if I write the AL on the same form's window open action, they will be shown the OTP form again and again.
My concerns are:
1. What to do if the user manually closes the window by clicking the close button on the tab?
2. Is there any method or way to direct the user directly to the OTP form, straight from Login.jsp?
Any recommendation on this?
1 of 1 people found this helpful
You can't rely on Active Links to enforce security - what happens when a client that does not support them, such as driver or SmartIT, is used? They bypass your extra checks. You need something that integrates with the Remedy login process, such as the RSSO or AREA plugin options mentioned above.
Thanks a lot!
We are not using Smart Reporting and other components right now. We are on Remedy 8.1, and for the time being this should be available for Remedy only.
We are using an AREA plugin to authenticate from AD. Could you please guide me on how I can use the AREA plugin to set up OTP-based authentication?
You're going to need to write your own AREA plugin to implement the OTP feature the way you want it to work. Documentation on the interfaces is here: AREA plug-ins introduction - Documentation for Remedy Action Request System 8.1 - BMC Documentation, but it's not something I can help with, I'm afraid.