06-18-2019 12:24 AM
Hi guys!
I have a question regarding CWA on ISE. We have a customer who want to do 2-factor authentication for internal users via CWA. 2FA works in with physical token authentication and with internal ISE users. The problem that we are facing is with authentication via SMS token.
So, the flow that customer wants would be the following: user enters PIN number and presses enter to get SMS token. Then the user needs to enter only the token which was sent to him by SMS. Each user is defined on 2FA vendor only (which is configured as an external identity source on ISE).
The issue that we are having is that 2FA vendor must send an SMS to a user (meaning that user needs to enter username, PIN and that hit enter). And then user is not prompted with token field only, but is prompted again with username and PIN.. and the whole thing works if user enters username again along with PIN and token which was sent to him by MFA. But this is not very user friendly..
I was wondering if there is possibility that token field only would appear on the portal after the username and PIN are entered. My idea was some kind of portal chaining where user first enters PIN on the first portal and then token on the second portal? Would that be possible? If not, what could be a solution to this?
Solved! Go to Solution.
06-18-2019 04:24 AM
06-18-2019 04:24 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide