Hello Patrick,

> On 19 Jul 2019, at 11:46, Patrick Proniewski 
> <[email protected]> wrote:
> 
> I'm quite surprised to be alone wanting to enroll more than one U2F or 
> Yubikey per user…
> 


I think that it’s not appropriate to have multiple active tokens if the main 
goal is to harden authentication using MFA.

Maybe the best way to reduce support in case of a lost token is to provide at 
first 2 (or more) tokens (1 production and 1 backup) to the user and an 
organizational process where IT could quickly swap tokens on a user call and 
identity check.




> Any hint appreciated.
> Thanks,
> 
> Patrick
> 
>> On 15 Jul 2019, at 11:00, Patrick Proniewski 
>> <[email protected]> wrote:
>> 
>> Hello,
>> 
>> I'm pretty used to MFA as an admin and user but CAS's implementation is 
>> quite new to me. At work we have a brand new CAS install with providers 
>> enabled for MFA: gauth, yubikey, u2f.
>> 
>> I would like to be able to store more than one physical token for some 
>> users: 2 or 3 yubikeys or 2 or 3 u2f keys (not both).
>> I've tried to hack/tamper with database content where enrolled tokens are 
>> stored, but it was a complete failure. If I have more than one token 
>> enrolled for a given user, only one of them will work.
>> 
>> I find it paramount to be able to store a backup 2FA token, and I'm pretty 
>> reluctant to use CAS MFA in production if I can give my +30K users a way to 
>> enroll more than 1 token.
>> 
>> Thanks,
>> 
>> Patrick
> 
> 
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/326F7E8E-326E-41C4-908D-EE0891594BA1%40univ-lyon2.fr.
