OOTB One time password / Two Factor Authentication
Dear all,
I have a small question and hopefully someone has solved this already. When I enable One Time Password via e-mail, only when the operator logs in for the first time -or- when (s)he needs to change the password (for example via Force new password on next logon), the e-mail with the OTP code will be send to that operator. In all other instances of logging in - from either the same terminal as well as from a different PC - the operator is logged in without Pega asking for the OTP.
Any ideas on the logic behind this?
I have tried on Pega 7.4, 8.2 and 8.3.
We did manage to set pyLongLivedToken in a DT pyChangePasswordOTPParams and verified it was called before pxSendOTP but it did not make any difference.
Alternatively: how do you override the OTP behavior using Custom Authentication Service? The page I keep getting directed to only mentions to create either activity or JSON service, but no further information on how to implement this.
Kindest regards,
Mario
DICTU
NL
Partially answering my own question: You need to add Multi-Factor authentication to the Authentication Service record as well (for example: "Platform Authentication", "Security Policies" add: "Multi-Factor Authentication").
Next step: how do I override the code generation and validation for the entire system?
DICTU
NL
Hi,
Not more than I stated before. You can add Two Factor Authentication in the Authentication Service rule (see image). But on how to implement different TFA implementations; I don't know. Documentation about it is horribly bad in my opinion.
LTI
IN
Hi,
We have similar requirement has anyone implemented the same.
we have enabled ootb using security policy but it works only on password changes. we need to authenticate using OTP everytime we login into pega.
Regards,
sajjad