Multi-factor authentication for IBM Sterling B2B and MFT portfolio
The IBM Sterling MFT and B2B collaboration suite of products (B2B Integrator, File Gateway, and Connect:Direct) can use Sterling Secure Proxy and the Sterling External Authentication Server to implement multi-factor authentication.
IBM Sterling Secure Proxy and Sterling External Authentication Server provide advanced edge security, both on-premises and in the cloud, for cross-industry enterprises that use Sterling B2B collaboration solutions for B2B integration and managed file transfer. Together they give customers a set of security capabilities that protect their trusted zones from internet-facing threats.
How does dynamic user routing (multi-factor authentication) work?
Dynamic routing is accomplished through the use of IBM Sterling Secure Proxy (SSP), IBM Sterling External Authentication Server (SEAS), and an LDAP system. The routing decision is driven by one of two meta-information parameters: the user ID or the source IP address (the latter is supported only for the HTTP protocol).
Supported protocols for dynamic routing: Connect:Direct, HTTP, FTP, and SFTP/SCP.
Steps involved:
- Migrate users from the current solution to LDAP.
- Users from existing solutions should be exported to SFG/B2Bi for authorization purposes.
- Prepare SFG/B2Bi to route user-supplied files.
- Configure SEAS to authenticate users and retrieve LDAP information from the destination system.
- Configure the proxy adapters with dynamic routing in the SSP test environment before moving them to production.
MFA approach mechanisms:
- SSP can be configured to accept SAML 2.0 tokens from an external identity provider and to authenticate users with those tokens via an external logon portal. The factors enforced by the identity provider can include time-based one-time passwords (TOTP), tokens, biometrics such as facial or retinal scans, codes sent by text or email, and so on.
- Implementing a one-time password (OTP) through a SEAS custom exit, where an external provider's plugin delivers the OTP by text message. Biometrics can also be implemented through a custom exit if your provider supports it.