Thus one device owned by a user can be used across multiple completely unrelated identity services. By binding a device to environment a derived key is created that is associated with this specific environment. The core idea of the approach is: have one device that can be used in multiple different environments. Many vendors including Microsoft or Google support U2F based two factor authentication. This ticket is about the SSSD/client part of the story. As an owner of a modern Windows client system (v 10+) that is joined to Azure AD I want to be able to use my U2F device that is bound to an account in IdM that is in a trusted domain with AAD.I already have U2F token that I use for personal use and I want to reuse with my account in IdM. For security purposes I prefer to use 2FA authentication into my Linux systems. As small startup I want to use IdM for management of my Linux systems and resources.I want to be able to log into a Linux (Fedora, RHEL, CentOS) system running in the Azure cloud using same device and utilizing my accounts in AAD. As a Consumer of the Azure and Azure Active Directory (AAD) services where my accounts are stored I can login into a Windows 10 systems running in Azure using a U2F enabled device.Interesting security related discussion:.
0 Comments
Leave a Reply. |