Post

2 followers Follow
0
Avatar

2 factor authentication

Question from customer: 

We will be using Okta for Single Sign On going forward.
We will force 2FA for all connections not originating from our office network
Please advise how our Excel Plugin will work going forward? Does 2 factor authentication makes it different than any other SSO?

Bea Genthner Answered

Please sign in to leave a comment.

3 comments

0
Avatar

Hi Bea,

When configured for federal authentication, the Excel add-in only logs in to Clarizen once, and acquires an OAUTH token used from then on, unless the user explicitly logs out from the Excel add-in.

I assume 2FA will work on the first login if applicable (performed outside the office network). Once the token was acquired, communication will be done directly with Clarizen using the token (without explicitly logging in).

Another option you have is to allow API access so you can still login with Clarizen User name/password when using the Excel add-in.

Hope this helps,

Ophir 

Ophir Kenig 0 votes
Comment actions Permalink
0
Avatar

Hi Ophir,

 

The customer came back asking additional questions:

"How do you allow API access?‎ You state you assume 2FA will work on the first login if applicable (performed outside the office network). Once the token was acquired, communication will be done directly with Clarizen using the token (without explicitly logging in)."

 

Bea Genthner 0 votes
Comment actions Permalink
0
Avatar

Hi Bea,

API access is possible with either user name/password or with an OAUTH token.

When checking federated authentication in the Excel add-in it acquires an OAUTH token.
Acquiring such a token requires logging in to Clarizen with a browser window inside Excel (that's when federated authentication, possibly with 2FA, comes in), but once the token is acquired the Excel add-in uses is directly against the Clarizen API.

Hope this explains it.

Ophir

Ophir Kenig 0 votes
Comment actions Permalink