[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: RE: Google 2sv instead of Duo for MFA in Shibboleth IdP?
From: "Cantor, Scott" <cantor.2 () osu ! edu>
Date: 2016-10-21 0:20:59
Message-ID: 9846A6064BD102419D06814DD0D78DE112A5B408 () CIO-TNC-D2MBX02 ! osuad ! osu ! edu
[Download RAW message or body]
> I'm suppressing commentary, just posting the question: has anyone
> compared, evaluated or deployed Google authenticator 2sv and in their IdP
> or know to what extent it would be possible?
AFAIK, that's just OATH, and we're planning to eventually implement it, it just \
didn't make 3.3, Duo was the higher priority both for my campus and the community in \
general. Given a token store / API, the actual flow to implement the login should be \
very simple in 3.3, but per the FIDO conversation I just had with a couple of people \
on the list, there's the question of how the token management/enrollment is done and \
by whom.
I would ask Rich what he meant by "your users will hate you". Is that a reference to \
the point that using the OATH apps like this implies separate registration of the \
authenticator app with each OATH service?
Using Google *authentication* with the IdP is really a different thing entirely. I \
would think that takes some more thought around policy and such since that implies \
using Google accounts directly in place of your own.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic