enroll 2fa to thousands of users automating processes
play

Enroll 2FA to thousands of users Automating processes with - PowerPoint PPT Presentation

Dec 28, 2023 •41 likes •311 views

Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Klbel About Cornelius Cornelius Klbel 2FA since 2005 Smartcards, Aladdin eT oken, privacyIDEA since 2014

  1. Enroll 2FA to thousands of users Automating processes with privacyIDEA FOSDEM 2018 Cornelius Kölbel

  2. About Cornelius ● Cornelius Kölbel ● 2FA since 2005 – Smartcards, Aladdin eT oken, privacyIDEA since 2014 ● Cornelius.koelbel@netknights.it ● @cornelinux ● @privacyidea

  3. Challenges ● 2FA for services offered by city administration

  4. Challenges ● End customers of electricity provider

  5. Challenges ● 2FA for all university students!

  6. Problems ● User will not come to admin desk ● User unknown ● User dislocated ● User not tech savvy

  7. Problems ● User shoud not copy

  8. Management and Authentication

  9. Network structure REST API, Web UI, CLI, DB Administration REST API, PAM, RADIUS, SAML, LDAP-Proxy Win Cred Prov

  10. privacyIDEA can manage different token types ● Key-fob T okens ● OTP Cards ● SMS, Email, Smartphone ● Yubikey ● U2F ● eT oken NG/OTP ● SSH Keys ● x.509-Certifjcates ● Meta-T okens (Forward, RADIUS, 4eyes) ● ...

  11. Structure of privacyIDEA ● UI on Webserver ● REST API on Webserver ● Library level ● Database level See: http://privacyidea.readthedocs.it

  12. Possible automations ● Database (SQL) ● Library-Calls ● REST API-Calls ● Event Handler

  13. library ● Python libs for all tasks. ● No need for REST API – No load on Webserver ● T ools for – expired users, – janitor for orphaned tokens

  14. Example: automation via library

  15. Call your API – POST /validate/check – POST /token/init – GET /token/ – DELETE /token/OATH12344 See: http://privacyidea.readthedocs.it

  16. Example: API automation Generate tokens for users

  17. Automation via Event Handler ● Trigger additional action

  18. privacyIDEA HTTP Request 1. Pre policies (exceptions) 2. Request 3. Post policies (exceptions) → Response 4. Event Handler triggers additional action

  19. ingredients ● Connected API calls ● Handler Module (notifjcation, token, script, federation) ● Conditions ● Action with options

  20. Example Event Handler ● If a paper token is generated by an administrator, the token will be disabled. ● It will be enabled if, the user authenticates with a registration code. ● The user gets notifjed, when his registration code is used.

  21. Example: Event Handler ● T o support external workfmow, set arbitrary token attribute...

  22. Example: Event Handler ● ...and run an external script!

  23. Example: Event Handler ● (API call) /token/init of registration code ● triggers script to print welcome letter

  24. Example: Event Handler ● /token/assign yubikey ● triggers token handler to set token attribute (needs shipping)

  25. Graduate students: T oken Janitor ● T oken janitor can fjnd and disable/delete unused tokens

  26. Succesful 2FA is a matter of smooth workfmows

  27. ● https://privacyidea.org ● https://github.com/privacyidea ● @privacyidea ● @cornelinux ● Cornelius.koelbel@netknights.it

Recommend

Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA

<location, date> < Location , date> Reversing Labs // June 2020 Git Your YARA For Nothing and Your Malware for Free Automating Scanning with thousands of YARA rules Cooper Quintin - Senior Security Researcher - EFF Threat Lab

1.01k views • 22 slides
P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her is one of t he core OS responsibilit ies Cont rol access of processes or users t o resources of t he comput er syst em (HW Last Modif ied:

384 views • 11 slides
Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR)

Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR)

Automating User-Centered Design of Data- Intensive Processes Research Project Report (RPR) Vasileios Theodorou 26-05-2015 Host University Home University Coadvisor: Supervisor: Supervisor: Dr. Maik Thiele Prof. Alberto Abell Prof.

511 views • 17 slides
CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes

CSN11121 System Administration and Forensics Week 3 : Users, Permissions, Processes, and Pipes Week 3 : Users, Permissions, Processes, and Pipes Module Leader: Dr Gordon Russell Lecturers: G. Russell, R.Ludwiniak Aliases: CSN11122 (Distance

644 views • 51 slides
AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming,

AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming,

AUTOMATING GIS PROCESSES Course code GEOG-329 10 ECTS in total Period 1 Basics of programming, data analysis and visualization (Geo-Python) https://geo-python.github.io Period 2 Spatial data management, analysis and visualization (AutoGIS)

332 views • 15 slides
Automating batch fecundity measurements Automating batch fecundity measurements using digital

Automating batch fecundity measurements Automating batch fecundity measurements using digital

W orking Group on Acoustic and Egg Surveys for Sardine and Anchovy in I CES Areas VI I I and I X, Nantes, 2 4 -2 8 / 1 1 / 2 0 0 8 Automating batch fecundity measurements Automating batch fecundity measurements using digital image analysis

391 views • 13 slides
EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at

EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at

PREPARING GRADES 6 THROUGH 12 FOR COLLEGE AND CAREER!! IS THE TREAT IN YOUR FUTURE!! COLLEGE EDUCATION PAYS Ms. Hill $$$!!! ENROLL today at http://hectalentsearch.weebly.com/enroll-in-trio.html l What is HEC TRiO Educational Talent

214 views • 8 slides
Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III,

Get Covered Ohio: Working with Enroll America to Maximize Enrollment Hugh F. Trey Daly III, Ohio State Director, Enroll America 513-659-0187 tdaly@enrollamerica.org Enroll America will help deliver on the promise of affordable health

476 views • 43 slides
A brand new way of building, deploying, and servicing Windows Millions 10s of thousands

A brand new way of building, deploying, and servicing Windows Millions 10s of thousands

A brand new way of building, deploying, and servicing Windows Millions 10s of thousands Users Broad Microsoft Engineering Microsoft Insider Preview builds internal Branch validation Time ~6 months Unmatched flexibility and

486 views • 21 slides
Available Processes Process Name Process Feature C18A6 0.18 CMOS H18A6 0.18 HV-CMOS

Available Processes Process Name Process Feature C18A6 0.18 CMOS H18A6 0.18 HV-CMOS

C ircuits M ulti- P rojets Technology Processes & Runs in 2015 MPW Services Center for IC / MEMS Prototyping http://cmp.imag.fr Grenoble - France CMP annual users meeting, 4 Feb. 2016, PARIS Available Processes Process Name Process

440 views • 15 slides
Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and

Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and

Statistical Modeling of UNIX Statistical Modeling of UNIX Users and Processes With Users and Processes With Application to Computer Application to Computer Intrusion Detection Intrusion Detection Wen-Hua Ju 1 Acknowledgement

798 views • 27 slides
bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics,

bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics,

bNesis Easy. Safe. Reliable. About There are thousands of clouds, social networks, analytics, marketing and management services all over the world. 99% of them are regional. Russia USA China India Each regional player has millions of users

379 views • 15 slides
RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams exams 1 THE THE exams exams PACKAGE PACKAGE by @AchimZeileis and others, Statistics, Universitt Innsbruck www.r-exams.org latest release

379 views • 14 slides
Automating the Automating the configuration of flow configuration of flow monitoring probes

Automating the Automating the configuration of flow configuration of flow monitoring probes

Zurich Research Laboratory Automating the Automating the configuration of flow configuration of flow monitoring probes monitoring probes Xenofontas (Fontas) Dimitropoulos (xed@zurich.ibm.com) Andreas Kind (ank@zurich.ibm.com) IBM | Dec 07

303 views • 14 slides
Automating Authority Work Automating authority work, or, Be your own authority control vendor

Automating Authority Work Automating authority work, or, Be your own authority control vendor

Mike Monaco Coordinator, Cataloging Services May 14, 2018 Automating Authority Work Automating authority work, or, Be your own authority control vendor Ohio Valley Group of Technical Services Librarians Mike Monaco 2018 Conference, May

1.06k views • 67 slides
Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem Replacing the current paper/fax based accreditation system Automating what can be automated Providing a better user experience Improving

232 views • 8 slides
America Enroll America will help deliver on the promise of affordable health care for millions of

America Enroll America will help deliver on the promise of affordable health care for millions of

Connecting Millions of Americans with Health Coverage: Enrollment and Messaging Work Martine Apodaca, Director, Public Education Campaign, Enroll America Enroll America will help deliver on the promise of affordable health care for millions of

520 views • 34 slides
Campus Solutions MCS1004 MDConnect Enrollment Processes Course Summary Registering student in

Campus Solutions MCS1004 MDConnect Enrollment Processes Course Summary Registering student in

Campus Solutions MCS1004 MDConnect Enrollment Processes Course Summary Registering student in classes using the quick enroll or enrollment request process Audience: Student Services and Academic Personnel who assist students in

1.23k views • 96 slides
Automating the Crossword Testing Web Games at the New York Times Phil Wells @thephilwells

Automating the Crossword Testing Web Games at the New York Times Phil Wells @thephilwells

Automating the Crossword Testing Web Games at the New York Times Phil Wells @thephilwells phil.wells@nytimes.com October 2019 1 Games at the New York Times Team composition and processes Cross-functional team building games for

822 views • 63 slides
Automating the NDR Kerry Blinston: Global Commercial Director Introduction What is

Automating the NDR Kerry Blinston: Global Commercial Director Introduction What is

Automating the NDR Kerry Blinston: Global Commercial Director Introduction What is automation? Why bother? Implications for the NDR community How do we address them? 2 CGG: Automating the NDR Public What is automation?

722 views • 19 slides
Bayesian Optimization of Gaussian Processes applied to Performance Tuning Ramki Ramakrishna

Bayesian Optimization of Gaussian Processes applied to Performance Tuning Ramki Ramakrishna

Bayesian Optimization of Gaussian Processes applied to Performance Tuning Ramki Ramakrishna @ysr1729 #TwitterVMTeam QCon Sao Paulo, 2019 A JVM Engineer talks to a Data Scientist 2 Many Hundreds of Services Several Tens of Thousands

1.97k views • 60 slides
Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating

Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating

Automating MySQL Deployments on Kubernetes Calin Don & Flavius Mecea Presslabs Automating MySQL Deployments on Kubernetes Percona Live 2018 00. Who are we? Calin Don Flavius Mecea Co-founder & CTO Project Lead @Presslabs

595 views • 40 slides
Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes

Implementing Processes Implementing Processes Review: Threads vs vs. Processes . Processes Review: Threads 1. The process is a kernel abstraction for an independent executing program. includes at least one thread of control data also

416 views • 12 slides
Session Objectives Improve the safety of your patients Ensure compliance with regulatory

Session Objectives Improve the safety of your patients Ensure compliance with regulatory

Automating Informed Consent Automating Informed Consent Are You Overlooking a Safety Opportunity? Are You Overlooking a Safety Opportunity? Automating Informed Consent Are You Overlooking a Safety Opportunity? Neil H. Baum, MD

446 views • 27 slides

More recommend