Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
1
Replies

ISE CWA with SMS authentication

Go to solution
Mia1
Level 1
Level 1

‎06-18-2019 12:24 AM

Hi guys!

 

I have a question regarding CWA on ISE. We have a customer who want to do 2-factor authentication for internal users via CWA. 2FA works in with physical token authentication and with internal ISE users. The problem that we are facing is with authentication via SMS token.

 

So, the flow that customer wants would be the following: user enters PIN number and presses enter to get SMS token. Then the user needs to enter only the token which was sent to him by SMS. Each user is defined on 2FA vendor only (which is configured as an external identity source on ISE).

 

The issue that we are having is that 2FA vendor must send an SMS to a user (meaning that user needs to enter username, PIN and that hit enter). And then user is not prompted with token field only, but is prompted again with username and PIN.. and the whole thing works if user enters username again along with PIN and token which was sent to him by MFA. But this is not very user friendly..

 

I was wondering if there is possibility that token field only would appear on the portal after the username and PIN are entered. My idea was some kind of portal chaining where user first enters PIN on the first portal and then token on the second portal? Would that be possible? If not, what could be a solution to this?

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-18-2019 04:24 AM

We have no such integration or ability to change the flow. ISE SMS is only one way. No tokens or pins either. user signs up for an account and gets sent the credentials via SMS and/or email, that’s its

You can see some of the customization we have done at http://cs.co/ise-guest

The only thing close we have got to is to use the phone number as a username and sometimes auto-fill the username spot
Or maybe hide it

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-18-2019 04:24 AM

We have no such integration or ability to change the flow. ISE SMS is only one way. No tokens or pins either. user signs up for an account and gets sent the credentials via SMS and/or email, that’s its

You can see some of the customization we have done at http://cs.co/ise-guest

The only thing close we have got to is to use the phone number as a username and sometimes auto-fill the username spot
Or maybe hide it
0 Helpful
Customers Also Viewed These Support Documents