OKTA Sign-In Widget MFA


Question

I found a tutorial to build an Angular 4 app with OKTA's Sign-in Widget. It is great; I recommend it for anyone who's new to OKTA.

You can find it at this URL:

https://developer.okta.com/blog/2017/03/27/angular-okta-sign-in-widget

However, I have been unable to configure the widget to work for MFA and was unable to find a working example or relevant documentation.

I keep getting this message:

{name: "OAUTH_ERROR", message: "The client specified not to prompt, but the client app requires re-authentication or MFA."}

I checked out the Sign-In Widget reference page as well as the GitHub project and searched in Stack Overflow to no avail, so I figure I'd post the question here to see if anybody has a working example.

Thanks in advance!

Recommended answer

There are a few places where you need to configure multifactor authentication (MFA) in Okta. In the Classic UI, under Security->Authentication->SignOn, you need to create a new Okta Sign-On Policy, add a rule and make sure that "Prompt for Factor" is checked. You then have the choice of Per Device, Every Time or Per Session. You select one of these depending on your security requirements. This selection is important as it may conflict with the application MFA settings.

You'll also need to go to Security->Multifactor->Factor Enrollment and create a new policy or edit the default and ensure that you have at least one Eligible factor as 'required'. I'd suggest starting with SMS. Make sure that you have the appropriate groups assigned as well. To start, maybe just assign "everyone" and then whittle down after you get it working.

Next you need to configure multifactor for the application. Go to Applications->Applications and select your application. Then select "Sign On". At the bottom of the page you need to add a rule that will allow for MFA. After giving your access rule a name and adding any other required restrictions, you'll need to add an access rule, check off "Prompt for factor" and select how often you want the user to be asked for another multifactor. This is the part that is tricky: if you selected Per Device in the above and then here select "once a month", it is possible that it won't work at all or that you get authenticated and then get this error a month later again. In my opinion there are two combination choices:
1) "Every Time" and a "Once a day/week/month" option, or
2) "Per Device" and then "Only once"

This is what I found anyway. Whatever you do, don't do what I did.... Select "Every time and one month", get authenticated, and then come back and change the Authentication to "per Device", and then get the error a month later after you've completely forgotten how it was configured.
