外部非云客户端 - 服务器应用程序的MFA [英] MFA for external non-cloud client-server application

问题描述

Hi Folks，

我们正在考虑将MFA用于内部和外部用户，包括我们软件应用程序的管理员。目前我们计划迁移到具有多租户安装的云（具有相应数据库实例的多个应用程序实例），
以及此，我们还有一些客户端将像以前一样进行内部部署安装，并且不希望转移到云端，但我们也希望它们具有多重因素。 [在这里通过内部部署，并不意味着这个应用程序将在Azure / cloud上，它将在客户的内部网或私人服务器上
]

We are contemplating the idea of using MFA for internal and external users including admins for our software application. Currently we are planning to move to cloud with multi-tenant installation (multiple application instances with respective database instances), along with this, we also have some clients who will have on-premise installation as before and do not want to move to cloud, but we want multi factor for them as well. [by on-premise here, does not mean that this application will be on azure / cloud, it will be on intranet or private server of the client]

1）请建议我们有什么样的选择来支持这个，特别是对于本地场景？

1) Please suggest what kind of options do we have to support this and specially for the on premise scenario?

2）是应用程序代理（https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy）是一个选项，但我不确定
这显然我们不想要任何额外的 内部硬件/许可证？

2) is application proxy (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy) is an option, however I am not sure about this as apparently we do not want any additional  HW / licences on-premise?

3）是否可以从MFA捕获OTP /其他身份验证令牌并在自定义应用程序中使用它以允许访问应用程序或将它们重定向到申请通过AD验证后？

3) is it possible to capture the OTP/other authentication token from MFA and use it in custom application to allow access to the application or redirect them to the application after authenticating them through AD??

请指导。

推荐答案

如果它们完全在本地，建议的解决方案是
Azure多重身份验证服务器，与云中的Azure MFA不同。您可以在没有任何云MFA的情况下选择它，或者您可以将其与云MFA集成。如果您不希望它们同步到云，它仍然需要安装在其本地环境
上。 

If they are entirely on-premises the recommended solution is Azure Multi-Factor Authentication Server, which is different from Azure MFA in the cloud. You can choose to you it without any cloud MFA at all, or you can integrate it with the cloud MFA. It would still need to be installed on their on-premises environment if you don't want them synced to the cloud. 

可以设置OTP。以下是此指南。  https://docs.microsoft .com / zh-CN / azure / active-directory / authentication / concept-authentication-methods

It is possible to set up OTP. Here are the guidelines for this. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

另请参阅：  https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept -mfa-howitworks

See also, for reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

这篇关于外部非云客户端 - 服务器应用程序的MFA的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！