SSO, MFA & PAM Documentation

Use Case 2: Off Premise Single Sign-On (SSO), Multi-Factor Authentication (MFA) & Privileged Access Management (PAM)

Use Case 2 Scenario

Let's create a general set of policies to handle logins from external (Off Premises) people.

Policy examples

  1. Enrolled Devices will use Multi-Factor Authentication (MFA)
  2. If the device is not enrolled in MFA, either enroll the device or block its access requests. The policy could require the device to be enrolled On Premises before it can log in externally
  3. Off Premises inside Geo-Fencing - Require 2 Factor (Username/Password + CAC Card)
  4. Off Premises privileged account access inside Geo-Fencing - Require 3 Factor (Username/Password + CAC Card + Fob)
  5. Off Premises outside Geo-Fencing - Require 4 Factor (Username/Password + CAC Card + Retina + Fob)
  6. Logging into a normal account requires only Multi-Factor Authentication
  7. Logging into a High Risk privileged account falls under PAM policies after MFA
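
The policy list above, expressed as a decision function for an off-premises login. This is an added example, not part of the original documentation. The field names, decision labels, the order of checks, and the choice to apply the 4-factor rule outside the geo-fence regardless of account type are assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor labels chosen for this example (not from the original page).
PASSWORD, CAC, FOB, RETINA = "password", "cac", "fob", "retina"

@dataclass(frozen=True)
class Request:
    """Hypothetical context for one off-premises login attempt."""
    device_enrolled: bool   # device is enrolled in MFA
    inside_geofence: bool   # source location is inside the geo-fence
    privileged: bool        # target is a privileged account
    high_risk: bool         # target is classed as High Risk
    presented: frozenset    # factors already verified for this attempt

def required_factors(req):
    """Factor set demanded by policies 3-5."""
    if not req.inside_geofence:
        return {PASSWORD, CAC, RETINA, FOB}   # policy 5: 4 factor
    if req.privileged:
        return {PASSWORD, CAC, FOB}           # policy 4: 3 factor
    return {PASSWORD, CAC}                    # policy 3: 2 factor

def evaluate(req):
    """Return (decision, missing_factors).

    Decisions: enroll_or_block, step_up, pam, allow.
    """
    if not req.device_enrolled:               # policy 2, checked first
        return ("enroll_or_block", set())
    missing = required_factors(req) - req.presented
    if missing:                               # policies 1 and 3-5
        return ("step_up", missing)
    if req.privileged and req.high_risk:      # policy 7: PAM after MFA
        return ("pam", set())
    return ("allow", set())                   # policy 6: MFA is enough

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request(False, True, False, False, frozenset({PASSWORD, CAC})),
        Request(True, True, True, False, frozenset({PASSWORD, CAC})),
        Request(True, False, False, False, frozenset({PASSWORD, CAC, FOB})),
        Request(True, True, True, True, frozenset({PASSWORD, CAC, FOB})),
    ]
    for s in samples:
        decision, missing = evaluate(s)
        print(decision, sorted(missing))
```

Checking enrollment before any factor comparison keeps an unenrolled device from reaching the factor prompts at all, and the PAM handoff only happens once the factor set for the location is complete.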