0 Votes
CraigGarland-2854 asked ·

Azure Secure LDAP and Third Party App

Hi Guys,

Hope someone can answer this question.

I have a third-party application that supports LDAP authentication but not 2FA/MFA. I was wondering if I could use Azure Secure LDAP to implement 2FA. This would require Azure Secure LDAP to respond when a request was sent in the format of Username THEN password + OTP.

Most of the articles I have read about Azure Secure LDAP say that it is designed to integrate with other apps and request the OTP separately.

If you know this can be done, or even that it cannot be done, can you let me know? Also, if you have documentation on how to do it, that would be great.

Thanks in advance.

Craig

azure-ad-multi-factor-authentication, azure-ad-domain-services

0 Votes
MrAzureAD answered ·

Hi Craig,

Neither ADDS nor Azure MFA can do this.
However, I do not see that as a service limitation. The concept you are describing sounds to me quite retro:
User convenience would not be great (user instructions, behavior for different MFA methods, error reporting).
From a security point of view, it is a risk as MFA credentials pass through the application and could be caught/used somewhere else.

I actually do not feel good anymore about letting users enter credentials into applications at all - and that is what is already happening with plain LDAP.

My strong recommendation is to have a talk with your 3rd party vendor and ask if it is possible / on the roadmap to use modern protocols (OAuth, OpenID Connect, SAML).

I know this can be hard sometimes ... but the line of argument is pretty straightforward and any software vendor can hardly deny it.
Also modern protocols give you a Single Sign-On possibility - both a security and a user convenience improvement.

Greetings,
Tobias


0 Votes
CraigGarland-2854 answered ·

Hi,

Tobias, thanks for your answer.

Although I agree with what you are saying, I unfortunately need a solution now. As the user credentials are always being entered into the application, it does not increase the risk. It has already been raised with the vendor to implement this.

Originally I was hoping that there was some type of proxy server that could be placed in front of the website and would manage authentication before connecting to the website. Yet I cannot find any application of that type.

Thanks
Craig
