cancel
Showing results for 
Search instead for 
Did you mean: 

Just Say "Yes" to Multi-Factor Authentication

PaulNerger
Staff
Staff

Multi-Factor Authentication (MFA) is a common technique used by IT departments to secure access to applications.  MFA encompasses Two Factor Authentication or 2FA and is an authentication method that grants access to websites or applications only after the user presents two or more pieces of evidence (or factors) of who they are.  MFA protects user data-which may include personal identification or financial assets-from being accessed by unauthorized third parties that may have discovered, for example, a single password.  It sounds more complicated than it is, so let me give you an example.

You probably have automation that login to applications or websites in which a six-digit code is sent to your phone by the server you need to enter to gain access.  That's Mult-factor Authentication.  The first factor is your user name and password, something you know; the second factor is your mobile phone, something that you have.  You don't get access to the system until you can prove you have your phone by entering the six-digit code sent to your mobile phone.

But there are other techniques.  RSA hardware tokens generate a time-based code to prove that you physically possess the hardware token; again, it is MFA.  Many services on the Internet, such as Office 365 and Google Apps, use software authenticators that comply with standards as their MFA.  Once MFA is enabled for an application or service, it is much harder to hack.  Typically, these approaches use standard-based Authenticator Apps such as Microsoft or Google Authenticator.  There isn't a hardware token, but an app stores software tokens to generate the codes.

But what do you do about MFA for a Blue Prism Digital Worker?

Well, you could tell the IT department to turn off the MFA security, but I wouldn't recommend that.  It will cause InfoSec professionals to go ballistic.  You might be able to build yourself an authenticator app, but that will be a lot of work.  Or, you can "DX before you DIY" because you might be surprised.

There are two Assets on the DX that will perform MFA.

  • Our great friends at Reveal Group have created 2-Factor Authentication, which generates six-digit Time-based One-Time Password (TOTP) for use on Google or Microsoft.  It's a popular DX Asset and is straightforward to use.
  • And, our own @ewilson has created the Blue Prism Authenticator - 1.0.0, which generates token keys for Microsoft, Google, and many more apps.  Eric's new Asset requires more to set it up, but it is more flexible and can create keys at any length using either TOTP or HMAC-based One-Time Passwords (HTOP). 

So, the next time your automation needs to perform MFA or 2FA, just say, "Yes, of course, it's on the DX for download."

For more information on these two MFA Assets, just click on the links above which will take you to the DX.



------------------------------
Paul Nerger
VP Digital Exchange
Blue Prism
America/Los_Angeles
------------------------------
0 REPLIES 0