Streamlining Multi-Factor Authentication (MFA) for Novomatic AG in a Crowd-Connected Environment
The Novomatic AG Group, operating in approximately 50 countries, stands as one of the largest international producers, operators, and exporters of gaming technologies, solutions, and equipment.
The Requirements:
Novomatic required a robust Multi-Factor Authentication (MFA) system that could integrate seamlessly with all the Atlassian applications including Jira, Confluence, Bitbucket and Crowd.
Their primary goal was to enable a unified MFA experience across all Crowd-connected applications, eliminating the inconvenience of redundant authentication.
To improve security and streamline operations, Novomatic had established specialized teams responsible for tasks like monitoring login activities by IPs, overseeing 2FA for users and groups, and configuring global settings.
However, these teams lacked admin privileges, hampering their effectiveness in performing assigned duties. As a solution, Novomatic sought to grant controlled access to certain functions for these non-administrative teams.
They also wanted support for multiple YubiKeys for user authentication to ensure accessibility and flexibility.
The Challenge:
Novomatic manages its users centrally in Crowd and utilizes Crowd Authentication to establish a unified authentication source for all users. This setup also enables admins to oversee access for all applications directly from Crowd. However, this setup proved to be a challenge for us as we tried to satisfy their requirements.
The Solution:
To meet Novomatic’s comprehensive needs, miniOrange developed a custom solution encompassing several key functionalities:
- One-Time 2FA Validation: This feature synchronizes users' Crowd authentication sessions and 2FA sessions, ensuring that completing MFA for one application authenticates the user across all other Crowd-connected applications within the session. This synchronization boosts security and user experience by minimizing redundant authentication requests.
- Role-Based Access Control for Security Functions: To resolve the challenges encountered by Novomatic's specialized teams, tasked with monitoring activities and configurations, we introduced a feature that grants non-admin users access to specific plugin pages based on their user groups. Administrators have the flexibility to grant view-only or edit access to these non-administrator users or groups. This functionality empowers designated teams to carry out their responsibilities efficiently while upholding overall system integrity.
- Multiple YubiKey Integration: Recognizing the need for backup options and flexibility in authentication methods, our solution supported the use of multiple YubiKeys. This feature ensured seamless switching between keys, enhancing both user convenience and security.
The Solution at Work:
In a Crowd-managed environment, authentication sessions are shared across all connected applications. Following this principle, miniOrange's solution extends the Multi-Factor Authentication (MFA) session to other connected applications.
The MFA plugin installed on these applications verifies the session, evaluates the user's access rights, and grants login permission accordingly. Additionally, miniOrange's MFA solution confines the shared session to the same browser, so that it cannot be reused from a different browser.
Benefits of the Solution:
The implementation of miniOrange’s MFA solution delivered multiple benefits:
- Streamlined User Experience: Users authenticate once per session, for both the first and the second factor, across all Crowd-connected applications, significantly simplifying the login process and enhancing productivity.
- Empowered Teams: By granting specific access rights to non-admin teams, Novomatic enhanced its operational efficiency and security oversight without compromising system control.
- Increased Flexibility: The ability to use multiple YubiKeys provided users with backups and alternatives, preventing them from being locked out due to a misplaced or malfunctioning device.
Conclusion:
Novomatic AG’s partnership with miniOrange significantly enhanced their security framework while optimizing the user authentication process across multiple platforms. This case study demonstrates how tailored MFA solutions can effectively balance stringent security requirements with user convenience and operational efficiency, setting a benchmark in the gaming technology industry.