Main Nav

Good Day,

 

We’re looking at our requirements for Two-Factor Auth in regards to several situations where we host web services offered to third parties. 

 

One solution that we wouldn’t mind trying to adopt is a SAML based solution so we could pick people to federate with that may already have a 2FA SAML implementation at their home institution.     One challenge we have is provisioning/funding issuing authentication tokens to these downstream third parties that have no local SAML/2FA solution.    In looking at the InCommon DUoSecurity offering, we’re still left with buying a token for each 3rd party and (probably more importantly) being responsible for token issuance.

 

http://www.protectnetwork.org/solutions/public-sso-cloud got mentioned as a possible soltion but I don’t see anyone like them offering 2FA.

 

Has anyone found a provider for outsourcing this two factor authentication of third parties?

 

Thanks,

Chris

--

Chris Green

UAB Information Security, 205-975-0842

 

Comments

If you're targeting InCommon schools, Duo Security (http://www.incommon.org/duo/) via Net+ might be an option? I can't tell from the brief information on the Net+ site if they could provide what you're looking for, but it seems at least worth a question to the vendor to see how deep their InCommon support actually goes.. 

-- 
Paul Erickson
Enterprise Architect
Information Services
University of Nebraska–Lincoln

tel:402 472 1657
http://is.unl.edu/        mailto:phe@unl.edu

Together, making the vision of UNL come alive through technology leadership

From: Chris Green <cmgreen@UAB.EDU>
Reply-To: EDUCAUSE Identity Management constituent group <IDM@LISTSERV.EDUCAUSE.EDU>
Date: Thursday, 15 November, 2012 09:03
To: EDUCAUSE Identity Management constituent group <IDM@LISTSERV.EDUCAUSE.EDU>
Subject: Two-Factor Auth/ SAML / Third-Parties

Good Day,

 

We’re looking at our requirements for Two-Factor Auth in regards to several situations where we host web services offered to third parties. 

 

One solution that we wouldn’t mind trying to adopt is a SAML based solution so we could pick people to federate with that may already have a 2FA SAML implementation at their home institution.     One challenge we have is provisioning/funding issuing authentication tokens to these downstream third parties that have no local SAML/2FA solution.    In looking at the InCommon DUoSecurity offering, we’re still left with buying a token for each 3rd party and (probably more importantly) being responsible for token issuance.

 

http://www.protectnetwork.org/solutions/public-sso-cloud got mentioned as a possible soltion but I don’t see anyone like them offering 2FA.

 

Has anyone found a provider for outsourcing this two factor authentication of third parties?

 

Thanks,

Chris

--

Chris Green

UAB Information Security, 205-975-0842

 

Sorry, re-read your message and realized Duo was the one you're already looked at.
Need more coffee. :)

Approachable/usable 2FA in a federated environment is certainly a major gap that begs a solution.

-- 
Paul Erickson
Enterprise Architect
Information Services
University of Nebraska–Lincoln

tel:402 472 1657
http://is.unl.edu/        mailto:phe@unl.edu

Together, making the vision of UNL come alive through technology leadership

From: Chris Green <cmgreen@UAB.EDU>
Reply-To: EDUCAUSE Identity Management constituent group <IDM@LISTSERV.EDUCAUSE.EDU>
Date: Thursday, 15 November, 2012 09:03
To: EDUCAUSE Identity Management constituent group <IDM@LISTSERV.EDUCAUSE.EDU>
Subject: Two-Factor Auth/ SAML / Third-Parties

Good Day,

 

We’re looking at our requirements for Two-Factor Auth in regards to several situations where we host web services offered to third parties. 

 

One solution that we wouldn’t mind trying to adopt is a SAML based solution so we could pick people to federate with that may already have a 2FA SAML implementation at their home institution.     One challenge we have is provisioning/funding issuing authentication tokens to these downstream third parties that have no local SAML/2FA solution.    In looking at the InCommon DUoSecurity offering, we’re still left with buying a token for each 3rd party and (probably more importantly) being responsible for token issuance.

 

http://www.protectnetwork.org/solutions/public-sso-cloud got mentioned as a possible soltion but I don’t see anyone like them offering 2FA.

 

Has anyone found a provider for outsourcing this two factor authentication of third parties?

 

Thanks,

Chris

--

Chris Green

UAB Information Security, 205-975-0842

 

Google offers 2FA.  Not sure if Google would work for your use case but the mobile app is free.

 

On 11/15/2012 12:21 PM, Tom Scavo wrote: > There's no shortage of SAML-based identity providers (IdPs) in higher > ed but you won't find many that can authenticate their users with two > factors. Even if they did, there's no standard way for those IdPs to > communicate back to the service that 2FA did in fact occur. (Since 2FA > technology is not widely deployed, there's no incentive to standardize > the protocol bits.) Our goal would be to validate each IdP is backed up by 2FA at setup. The problem we have is the application we are hosting has a hard two factor auth requirement and are looking for some way to issue tokens to a third party, preferably outsourced so we can pass the cost on directly to the application sponsor that don't fit the standard employee/staff/student licensing models. The thinking was that if we treated the application as a SAML SP, we can then front-end our own IdP function with the local two-factor solution and then bless the remote 2FA IdP on an as needed basis. Thanks, Chris
Message from caleb.racey@newcastle.ac.uk

I know you asked about outsourced 2factor auth but it’s worth being aware of the tiqr open source “pin via smartphone” project https://tiqr.org/   I’ve tried out the demo and the app and it looks a useful 2nd factor auth technique.

 

Regards

 

Cal

 

Caleb racey

ISS

Newcastle University  

 

 

 

 

Message from leifj@sunet.se

On 11/16/2012 12:30 PM, caleb racey wrote:

I know you asked about outsourced 2factor auth but it’s worth being aware of the tiqr open source “pin via smartphone” project https://tiqr.org/   I’ve tried out the demo and the app and it looks a useful 2nd factor auth technique.

 

Regards

 

Cal

 

Caleb racey

ISS

Newcastle University  

 

 

unitedid.org is aiming for an outsourced 2nd factor service. I can provide a handshake
on request. I know SURFnet is testing their stuff right now.

        Cheers Leif

 

 

You mentioned funding issues, but is anyone using SecureAuth?  This is something I had looked at a couple years ago and it seemed like a really good SSO/2FA/SAML/Mobile Apps based solution.

-Paul

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.