2FA or MFA support within Service Management
search cancel

2FA or MFA support within Service Management

book

Article ID: 124853

calendar_today

Updated On:

Products

CA Service Desk Manager - Unified Self Service CA Service Management - Service Desk Manager

Issue/Introduction

We wish to implement two factor authentication (2FA), also known as MFA (Multi-Factor Authentication) for our users.

Does CA Service Desk Manager/ITSM support OAuth 2.0?

Can it support authentication using Office 365 or Azure Active Directory?

Environment

Release: 14.1, 17.x
Component:  CA Service Management

Resolution

No current version of CA Service Desk Manager/ITSM has two factor authentication (2FA) built in to the web client interface.

A third party load balancer, such as an F5 hardware load balancer, can provide the two factor authentication out front, and then pass through to the normal CA SDM authentication channels. This external load balancer configuration is out of scope for CA Support to advise on. 

You may build two factor authentication interfaces onto the front end of Web Services if that is required - it is not out of the box though. 

Note that many users would prefer that Single Sign On (SSO) as the standard authentication channel for the ease of use.
Good security can be maintained via the use of TLS.
CA SDM/ITSM supports SSO and TLS.
Configuring Single-Sign-On (SSO) for Internet Information Server (IIS) 8.0 and CA Service Desk Manager (CA SDM) r12.9/14.1/17.x
How to Enable TLS 1.2 with CA EEM 12.6

CA Advanced Authentication provides two factor authentication for CA products, but there are no explicit references to CA SDM/ITSM in that product documentation. At the time of this knowledge document, it is unclear if it provides any solution for CA SDM.

Active Directory is supported for CA SDM as an authentication method. 
You would configure "External Authentication" to point to this source: 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configuring-ca-service-catalog/enable-external-authentication-of-users.html

SAML authentication through Azure is also available as an option.  One could implement MFA in conjunction with Azure

Service Desk:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/administering-ca-service-desk-manager/enable-saml-authentication-for-ca-sdm.html

xFlow / Service Point:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-the-xflow-interface/enable-saml-authentication-for-xflow-interface.html

Additional Information

CA Documentation
Enable SAML Authentication for CA SDM
Single Sign On (SSO) works for some CA Service Desk Manager (CA SDM) users, but does not for others

General Documentation on OAuth
OAuth
OAuth 2.0
What is OAuth? How the open authorization framework works

General Azure Documentation
Azure Active Directory - Home page

General 2FA/Multi-Factor Authentication Documentation
https://en.wikipedia.org/wiki/Multi-factor_authentication


 

Powered by Wolken Software