2-Factor Authentication, Anyone?

Is anyone using 2FA for NAV? 
If so, can you share a little info on how you’re doing it?

——————————
Greg Enns
ERP Coordinator
Technical Prospects
Kaukauna WI
——————————

Hi Greg,

While I haven’t done it, it should be possible if you’re using NAV 2015 or newer with Office 365 / AAD authentication.

To my knowledge, most – if not all – O365 business plans now support 2FA, although it is not enabled by default. If you have configured NAV to use Office 365 credentials, it will present the standard O365 login page regardless of the client you are using (Windows/Web/Tablet/Phone). And if 2FA is required, the user will have to go through those steps to cross the bridge.

I hope this helps.

——————————
AJ Ansari
NAV Product Manager
InterDyn BMI
Houston TX
——————————
——————————————-

This seems like a really cool solution, especially if you are using RD Web to present NAV.

——————————
Joe Shields
Advanced Media Technologies
——————————
——————————————-

– I’d like to connect at NAVUG on this topic?  2FA is something we wish to deploy for our remote and mobile users, and we at trying to find the right balance with ease of use and security.  ?

——————————
Anthony Darden
Director of IT
Protective Industries, Inc.
Buffalo NY
——————————
——————————————-

Recent events have led us to look into the 2FA area as well.   We want to cover the whole network, not just NAV, but obviously NAV is a big part of what we want to add a layer of protection over.

I’ve been looking at Duo Security and AuthLite as possible solutions.   Does anyone have any experience with these?

We are hoping to use Yubikeys with perhaps the option to have a security code sent via text to a smart phone.

Open to suggestions/opinions!

——————————
Steven Hoag
I.T. Manager
Fashion Angels Enterprises, LLC
Milwaukee WI
——————————
——————————————-

We are using NAV 2017 on premise with Microsoft Azure.  Just today March 27, 2019 NAV requested that I enter my password again, my phone number, and my personal email.  It would not accept my business email.  So you might say 2-Factor Authentication was forced on us.  Did anyone else have this happen at their work?

——————————
Doug Mills
Business Systems Manager
DSI Underground
Salt Lake City UT
——————————
——————————————-

We have only rolled out to a few users at the moment. We use Duo.  I inherited this from the previous Director.  So at the moment, I do not have a deep understanding of this product over others. I know, he choose this one for plaform support. Meaning it more seamlessly works with more platforms. We are currently using with OFFICE 365 which includes new installs of Outlook, Teams, Skype for Business,  Outlook on Mobile, etc.  It is not currently required for OS login.

I know MFA is the big push. I use it for other things. I recently got a new phone and the transition period was a pain for me (forgot to turn off before factory resetting the phone). Luckily I had backup keys to reconnect my MFA (non Duo). I am not sure what it will be like for other users.

I have had this question if you require MFA can you compel end users to install the software on their personal phones. If not, and you do not and use fobs’  What is going to stop end users from hanging them from their monitor like a decoration.  We know they tape post its of their passwords there now.

I know I am being a negative Nelly  (no offense to the real Nellys out there).  We have password changes every month, we added no repeats, lock outs after 3 trys, enforce strong passwords, etc. Is there ever too much security?

——————————
Peter Lundrigan
Director of Business Systems
Barkley Ag Enterprises
Atwater CA
——————————
——————————————-

We have decided to use Duo Security for ease of setup, management and flexibility. We are using it provide another layer of security for remote access. We have not tried to tie it into NAV authentication at this point. The key is that everyone needs to have access to a cell phone.

——————————
Andrew Good
President
Liberty Grove Software
Oakbrook Terrace IL
——————————
——————————————-