Reference Guide
...
Multi-Factor Authentication
External MFA Providers
SecTrail MFA Integration
2min
To integrate Kron PAM with SecTrail, users must:
- Use Active Directory or Kron PAM Local accounts.
- Have mobile phone numbers in their accounts defined in Active Directory.
Kron PAM operates between Active Directory and SecTrail.
Kron PAM integrates with SecTrail via API, provided certain parameters are defined in Kron PAM:
- API key (the API key is created by SecTrail for each customer environment)
- Token Generate URL (OTP Messaging URL)
- Token Validation URL (OTP Validation URL)
To adjust the SecTrail Integration Settings:
- Navigate to Administration > System Configuration Manager.
- Set the following parameters: mfa.provider=sectrail (default: internal) mfa.external.provider.sectrail.apiUser=XXX (encrypted) mfa.external.provider.sectrail.apiKey=XXX (encrypted) mfa.external.provider.sectrail.generateTokenUrl=* (For example: https://1.2.3.4/externalwebservice) mfa.external.provider.sectrail.otpValidUrl=** (For Example: https://1.2.3.4/externalwebservice) mfa.external.provider.sectrail.httpHeaders= (default=“Content-Type:application/json” - Common header definition for both URLs) (Value can be parsed with enter for more than one header attribute)