SSO, MFA & PAM Documentation

Use Case 3: On/Off Premise High Risk Single Sign-On (SSO), Multi-Factor Authentication (MFA) & Privileged Access Management (PAM)

Use Case 3 Scenario

Let's create a general set of policies to handle logins from high-risk (On/Off Premises) areas.

Policy examples

  1. Enrolled Devices will use Multi-Factor Authentication (MFA)
  2. On/Off Premises inside Geo-Fencing - Require 3 Factor (Username/Password + CAC Card + Fob)
  3. On/Off Premises privileged account access inside Geo-Fencing - Require 4 Factor (Username/Password + CAC Card + Facial + Fob)
  4. On/Off Premises outside Geo-Fencing - Require 5 Factor (Username/Password + CAC Card + Retina + Fob + Blood Sample)
  5. Logging in to a High Risk privileged account falls under PAM policies after MFA
  6. Emergency recovery not possible

Unknown Device Management Policies

  • Not enrolled in Multi-Factor Authentication - Default no access to resources for this policy
  • Possible hack attempt
  • A logon attempt outside policy can be terminated, reported, recorded, or handled with another action
  • Logging in to a High Risk role/account with unusual behavior
  • Potential normal work, but blocked until approved

[Figure: SSO MFA Use Case 3]
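
The policy list and the unknown-device rules above can be expressed as a single decision function. The sketch below is an added example, not code from the product this documentation describes; the factor labels, the `LoginAttempt` and `Decision` types, the action names, and the treatment of privileged accounts outside the geo-fence are assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor labels are names chosen for this example; the sets mirror policies 2-4.
BASE = frozenset({"password", "cac", "fob"})

@dataclass(frozen=True)
class LoginAttempt:          # constructed model of one logon, not a product schema
    device_enrolled: bool
    inside_geofence: bool
    privileged: bool
    factors: frozenset

@dataclass(frozen=True)
class Decision:
    allow: bool
    route_to_pam: bool
    missing: frozenset
    actions: tuple

def required_factors(inside_geofence: bool, privileged: bool) -> frozenset:
    if not inside_geofence:
        # Policy 4: outside the geo-fence, 5 factors. Assumption: this also
        # covers privileged accounts, which the list does not call out.
        return BASE | {"retina", "blood_sample"}
    if privileged:
        return BASE | {"facial"}      # policy 3: 4 factors
    return BASE                       # policy 2: 3 factors

def evaluate(attempt: LoginAttempt) -> Decision:
    if not attempt.device_enrolled:
        # Unknown device: default no access, blocked until approved.
        return Decision(False, False, frozenset(), ("terminate", "report", "record"))
    missing = required_factors(attempt.inside_geofence, attempt.privileged) - attempt.factors
    if missing:
        # Policy 6: no emergency recovery, so a missing factor has no fallback.
        return Decision(False, False, missing, ("terminate", "record"))
    # Policy 5: privileged sessions fall under PAM only after MFA succeeds.
    return Decision(True, attempt.privileged, frozenset(), ("record",))

if __name__ == "__main__":
    # Constructed sample attempts.
    samples = [
        LoginAttempt(True, True, False, BASE),
        LoginAttempt(True, True, True, BASE),
        LoginAttempt(True, False, False, BASE | {"retina", "blood_sample"}),
        LoginAttempt(False, True, False, BASE),
    ]
    for s in samples:
        print(s, "->", evaluate(s))
```

The device check runs before any factor comparison, so an unenrolled device is denied even when every factor is presented.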