Opening overview of MFA options offered by ForgeRock:
- E-mail / SMS OTP
- HOTP / TOTP (Authenticator)
- Push (Authenticator)
Discussion on areas wishing to be moved in to, using MFA for authorization as well as authentication, brief discussion of the new Transaction Authentication system.
Discussion on profile storage information, support for multiple devices & how to inject and propagate MFA-registered profiles during authorization.
Discussion on monitoring and tracking of requests through MFA endpoints.
Discussion on ForgeRock-provided libraries for MFA functionality, e.g. HOTP library, Push library to support customers building their own mobile apps.
Is ForgeRock going to support FIDO?
- The more people that request it, the sooner it will be built
- There's a non-FR supported login module available from GitHub
Can Push work with non-Amazon-SNS providers?
- Yes so long as their own PushDelegate is instantiated via the appropriate factory class as pointed to in the Push Service's config.
- Customers will need to request access to the code specifically for this purpose, JavaDoc should explain enough to developers to be able to construct their own delegates
See page on OTP, Push & FIDO, moving to passwordless using mobile apps for authentication for further information.