NetIQ Access Manager 4.2 Integration with Advanced Authentication 5.4 for Multi Factor Authentication

The following screen-cast demonstrates the integration of NetIQ Access Manager 4.2 SP2 with NetIQ Advanced Authentication Framework for Multi Factor Authentication using Email OTP.

Special thanks to my colleagues Anupkumar Rajan & Ravi Kiran Jayanthi for helping me get some of the basics right on the Micro Focus Access Management products.

I hope some you’d find the screen-cast useful. Enjoy!

Useful links:
Micro Focus Home Page
NetIQ Access Manager Product Page
NetIQ Advanced Authentication Framework Product Page
NetIQ Products download Page
NetIQ Access Manager Documentation Page
Advanced Authentication Plugin for NetIQ Access Manager [Not required for NetIQ Access Manager 4.3]

ForgeRock Authenticator (OATH) in ForgeRock OpenAM 13

If you’re in possession of a Smart Phone that runs either the Apple iOS or Android, you may probably be interested to know that the ForgeRock’s newer version of its Access Management solution now has an Authenticator App for you. Once installed and the device registered with ForgeRock OpenAM 13, one could use this Mobile App to generate One Time Password to validate his/her identity and thereby gain access to resources protected by the OpenAM. Needless to add, the ForgeRock Authenticator Mobile App is available on Apple iTunes Store for the iOS users and the Google Playstore for the Android fans.

Once installed, you’ll see on your phone something close to what is in the picture below:


ForgeRockMobileAuthenticator

Here’s what I did with my copy of ForgeRock Authenticator App on my iPhone:

– Configured an Authentication Chain ‘myAuthChain’ in my OpenAM 13 instance
– The said chain consisted of two Authentication Modules namely DataStore & ForgeRock Authenticator (OATH)
– When a subject authenticates against the ‘myAuthChain’ Authentication Chain in OpenAM, he/she is prompted for the DataStore credentials (an embedded OpenDJ instance), which on success is followed by another prompt where the user can register his/her device (using QR Code), generate an OTP that can be used to gain access to the resources protected by OpenAM.

2FAForgeRockAuthenticator

If you are interested to see all of this in action, please spare five minutes to watch the video below.

Enjoy!

Related documents/videos:
ForgeRock Documentation
Smart Security Using Phone App Demo

ForgeRock OpenAM Multi Factor Authentication Using Adaptive Risk Authentication Module & OTP

In this episode, you’ll see ForgeRock OpenAM’s two factor authentication feature employing it’s Adaptive Risk Authentication Module instance and HOTP module instance

So in the video demonstration that follows this post, you’ll see a user attempting to login against an Authentication Chain (say ‘MyAuthChain’) which has three module instances namely (i) Data Store, (ii) Adaptive Risk and (iii) HOTP. If the user is able to supply the right credentials against the Data Store, he or she is allowed in without any further challenge. On the other hand, if the the attempt to authenticate against the first Module instance (Data Store) fails, then the user is prompted for additional credentials like One Time Password.

The following illustration might give a rough idea on the what’s discussed above and the video that follows might make it pretty clear.

MultiFactorAuthentcation

Enjoy!