Email Link Confirmation

Rafael_Manochio · October 3, 2024, 8:29pm

Hello!

I’m new to privacyIdea and have a specific case that I’d like to address.
I’m trying to enable MFA (Multi-Factor Authentication) on a VPN solution that uses RADIUS for authentication.

This solution does not support MFA methods that require prompt interaction, such as TOTP, etc.
Additionally, I cannot rely on the use of mobile devices for push notifications, etc.

I was thinking of using the email method (which is already configured and working), but instead of receiving a TOTP code, I would receive only a confirmation link.

Upon clicking it, access would be granted.

Is there a way to do this?
Do you have any other ideas?

Thank you in advance for your help.

cornelinux · October 5, 2024, 8:08pm

This is not possible.
We had the idea to implement it but did refrain:

github.com/privacyidea/privacyidea

Push EMail

opened 11:18AM - 30 Nov 23 UTC

closed 02:20PM - 23 May 24 UTC

cornelinux

Type: Idea! Prio: Low

With the PUSH token we deliver an authentication request to the user. By clickin…g yes and sending this yes to the privacyIDEA server, this authenitcation request is valid in the privacyIDEA server. We could use this building blocks to create an Email Token, that sends a link in an email to the user. Clicking the link would mark the authentication request as valid in the privacyIDEA server. The same workflow like with push tokens could continue. Plus side: The user would not have to enter anything. Down side: Besides security this could be confusing with all the windows: 1. User tries to e.g. login in browser window A with keycloak. 2. User has to open his email client and click ths link which would... 3. ...open a browser window B... 4. Then he would have to manually return to browser window A.

Rafael_Manochio · October 8, 2024, 1:30pm

Thank you for the information!

That’s really unfortunate, it would have been awesome!

Let’s suppose I do have the opportunity to use a smartphone, but I only need to approve access (just a yes or no). What method should I use?

cornelinux · October 10, 2024, 5:11am

You could use the push token.