The user persona validates their authentication with the code returned from authenticator app. The user persona interacts with their authenticator app, which returns a code used as the extra authentication factor. Vault returns a message advising that the authentication requires MFA. The user persona attempts authentication with Vault. The user persona uses the Vault API, CLI, or UI and their authentication application on an enrolled device. The admin persona configures the Vault environment. The diagram shows the Two-Phase MFA authentication workflow described in this tutorial. You will also run a Docker container running Vault in dev mode. To learn how Vault TOTP MFA works, you can use the hands on lab steps to spin up a virtual machine with a Windows Server with Active Directory. The user persona will authenticate with the Active Directory secrets engine and the authenticator application to authenticate with Vault. Vault users authenticating to Vault with the Active Directory secrets engine.
The admin persona performs the steps of this role in the hands-on scenario that is part of this tutorial. Vault cluster administrators with privileged policies to manageĪuth methods and secrets engines. You can leverage the built-in TOTP MFA method with an authenticator application to enhance security with an additional authentication factor.
It also features a built in TOTP MFA method. The Vault Login MFA functionality provides a means to link an auth method to additional authentication factors such as those offered by third party services. You need to enforce additional authentication method, such as a Time-Based One Time Password (TOTP).
Your organization uses the Vault Active Directory Auth Method to allow users to authenticate with Vault using their Active Directory credentials. Vault first introduced Login MFA in version 1.10.0 to offer support for multiple authentication factors with Vault auth methods.
0 kommentar(er)
