Two-Factor Authentication (2FA/MFA) for CAS
CAS provides a secure application access and data protection solutions offered by CAS to access corporate data, applications and virtual desktops anytime, anywhere. It consolidates remote access solutions with a diverse Identity and Access Management capabilities to deliver a unified experience across all applications.
Enable miniOrange MFA for External RADIUS Servers
- Primary authentication initiates when the user enters the credentials in order to access the application.
- An authentication request is sent to miniOrange by the application.
- Based on the authentication request miniOrange sends the RADIUS Request to the external RADIUS Server (in this case CAS) to validate the intial request.
- Once the user's first level of authentication gets validated, the RADIUS Server will then send RADIUS Response to miniOrange.
- Then, miniOrange asks for the 2-factor authentication challenge to the user.
- User submits the response/code based on the second factor method selected.
- The user response (or second factor) is validated in miniOrange.
- On successful 2nd factor authentication the user is granted access to the application.
What are different 2FA/MFA methods for CAS supported by miniOrange?
miniOrange provides 15+ 2FA/MFA authentication methods for CAS: OTP over SMS-Email, Push Notification, Software Token, Google / Microsoft Authenticator etc. You can opt for any of the 2FA methods to secure your CAS. To integrate 2FA, you can enable RADIUS authentication in CAS and configure policies in miniOrange to enable or disable 2FA for users.
Connect with any External Directories
miniOrange provides user authentication from various external directories such as miniOrange Directory, Microsoft AD, Microsoft Entra ID/LDAP, AWS Cognito and many more.
Can't find your Directory? Contact us on idpsupport@xecurify.com
Enable Two-Factor Authentication (2FA)/MFA for CAS as RADIUS Server to extend security level.
1. Add CAS as External RADIUS Server
- Login to miniOrange Admin Console.
- From the dashboard navigation select User Store >> Add User Store.
- Select User Store type as Radius.
- Enter your Server Name.
- Enter Server Host or Host IP Address.
- Enter Server Port.
- Enter Shared Secret.
- Click Save.
2. Configure 2FA for CAS
2.1: Enable 2FA for Users of CAS app
- To enable 2FA for Users of CAS application. Go to Policies >> App Authentication Policy
- Click on Edit against the application you have configured.
- Enable the Enable 2-Factor Authentication (MFA) option.
- Click on Save.
2.2: Configure 2FA for your Endusers
- To enable 2FA/MFA for CAS endusers, go to 2-Factor Authentication >> 2FA Options For EndUsers.
- Select default Two-Factor authentication method for end users. Also, you can select particular 2FA methods, which you want to show on the end users dashboard.
- Once Done with the settings, click on Save to configure your 2FA settings.
2.3: Enduser 2FA Setup
- Login to End-User Dashboard using end user login URL.
- For Cloud Version: The login URL (branding url) which you have set.
- For On-Premise version: The login URL will be the same as of Admin Login URL.
- Select Setup 2FA from left panel. Then select any of the 2FA method available.
- For now, we have selected the SMS >> OTP OVER SMS as our 2FA method. You can explore the guide to setup other 2FA methods here.
- Enable the OTP over SMS if you have your phone number added under your profile section else click on Edit button.
- Enter you Phone Number along with the necessary country code and click on the SAVE button.