...

Note that a number of Identity Providers, for example LDAP when used for Active Directory access, might not tolerate repeated failed login attempts and might block the relevant user account.

Multi-factor Authentication

Identity Services can be used with Multi-factor Authentication (MFA). MFA uses two separate authentication factors that are held on different media:

  • User/password credentials are what a user remembers and manually types in the JOC Cockpit GUI.
  • Certificates are located on the machine from which the user operates the browser to access the JOC Cockpit GUI.
  • FIDO can be used for a variety of authentication methods, including the use of roaming authenticators, for example a USB stick, and platform authenticators, for example from the OS or from a smartphone.


The following matrix shows which Identity Services can be used as a first factor and as a second factor:


First Factor    Second Factor
JOC             CERTIFICATE, FIDO
CERTIFICATE
FIDO
FIDO            CERTIFICATE
LDAP            CERTIFICATE, FIDO
LDAP-JOC        CERTIFICATE, FIDO
OIDC            CERTIFICATE, FIDO
OIDC-JOC        CERTIFICATE, FIDO
KEYCLOAK        CERTIFICATE, FIDO
KEYCLOAK-JOC    CERTIFICATE, FIDO

Single Sign-On

The JS7 - OIDC Identity Service allows single sign-on for the underlying Identity Provider:

...