ArunGoswami007
Am going to reword this slightly..... The reason being I'd like "Microsoft to fill in the blanks".
Am going to suggest 100% what would work from CA SSO perspective.
CA SSO Side of flow. |
---|
- CA SSO will challenge the user for Credentials. CA SSO Web Agent will collect the user name / password / token.
- CA SSO Policy Server will validate the username / password with onPremise AD.
- CA SSO Policy Server will make a call to <Radius Server / EndPoint> using Radius Protocol to validate the Token.
- <Radius Server / EndPoint> validate Token and pass a response back to CA SSO Policy Server.
- CA SSO Policy Server based on the response back from <Radius Server / EndPoint>; will take a final call whether user is authentication OR not.
- If all is success, then CA SSO Policy Server would send IsAuthenticated() success to CA SSO Web Agent.
|
Where <Radius Server / EndPoint> can be any Security Vendor Solution that takes in a Radius Client Request for Token Validation.
e.g. for <Radius Server / EndPoint>
- MobilePass.
- ActivIdentity.
- OpenRadius.
- MFA with Radius Support enabled.
So my question is did we ask Microsoft on what kind of Radius Support would they have for MFA ?
Regards
Hubert