Acceptto Authentication

Secure your workforce identity with Acceptto end-to-end risk-based multifactor authentication.

Start by visiting the Acceptto documentation.

Support is enabled by including the following module in the overlay:

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-acceptto-mfa</artifactId>
  <version>${cas.version}</version>
</dependency>

implementation "org.apereo.cas:cas-server-support-acceptto-mfa:${project.'cas.version'}"

dependencyManagement {
  imports {
    mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
  }
}

dependencies {
  implementation "org.apereo.cas:cas-server-support-acceptto-mfa"
}

The integration adds support for both multifactor authentication and QR passwordless authentication.

Integration with DBFP

The module handles the integration with DBFP and sets a cookie named jwt that is passed to the Acceptto API. This cookie contains a value that the server uses to assess the risk of the authentication request, including the browser fingerprint, the IP address of the user and the GPS location of the user's browser. The server compares this data with the history of user behavior data to detect anomalies.

Configuration

The following settings and properties are available from the CAS configuration catalog:

The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.authn.mfa.acceptto.api-url=https://mfa.acceptto.com/api/v9/
  • Base URL for API calls to authenticate, fetch channels or verify responses.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.application-id=
  • Identifier of the application. This id is generated when an organization creates an application in the eGuardian dashboard.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.authn-selection-url=https://mfa.acceptto.com/mfa/index
  • URL of the Acceptto instance for authn discovery. This page allows the user to choose their second-factor authentication method. Based on the policies defined by the relying party, the user has the option of using Push Notification, Text Message, Voice Call or TOTP to reply to the authentication request. As soon as the user selects Accept or Decline with the push, or verifies with a one-time passcode, they are redirected back to the callback URL that was passed by the relying party.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.email-attribute=mail
  • The user attribute that holds the email address of the user whom the relying party wants to authenticate.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.organization-id=
  • Organization identifier.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.organization-secret=
  • Organization secret.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.registration-api-url=https://mfa.acceptto.com/api/integration/v1/mfa/authenticate
  • URL to the enrollment/registration API.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.secret=
  • Secret of the application. This secret is generated when an organization creates an application in the eGuardian dashboard.

    org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties.

  • cas.authn.mfa.acceptto.registration-api-public-key.location=
  • The location of the resource. Resources can be URLs, or files found either on the classpath or outside somewhere in the file system.

    org.apereo.cas.configuration.model.SpringResourceProperties.

  • cas.authn.mfa.acceptto.bypass.groovy.location=
  • The location of the resource. Resources can be URLs, or files found either on the classpath or outside somewhere in the file system.

    org.apereo.cas.configuration.model.support.mfa.GroovyMultifactorAuthenticationProviderBypassProperties.

  • cas.authn.mfa.acceptto.bypass.rest.url=
  • The endpoint URL to contact and retrieve attributes.

    org.apereo.cas.configuration.model.support.mfa.RestfulMultifactorAuthenticationProviderBypassProperties.
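
A pre-deployment check for the settings listed above, as an added example that is not part of the CAS documentation or code base: it reads the text of a cas.properties file and flags empty required values, credentials stored as literals, non-HTTPS endpoints and configured MFA bypass sources. The sample file, its placeholder values and the rule that a secret should arrive through a `${...}` placeholder or a `{cas-cipher}` encrypted value are assumptions of this example.

```python
PREFIX = "cas.authn.mfa.acceptto."
IDS = ("application-id", "organization-id")    # listed above with no default
SECRETS = ("organization-secret", "secret")    # credentials, also no default
URLS = ("api-url", "authn-selection-url", "registration-api-url", "bypass.rest.url")
BYPASS = ("bypass.groovy.location", "bypass.rest.url")
# Assumption of this example: a secret is acceptable only as a Spring
# placeholder or a CAS-encrypted value, never as a literal in the file.
INDIRECT = ("${", "{cas-cipher}")

# Constructed sample file, not taken from a real deployment.
SAMPLE = """\
cas.authn.mfa.acceptto.api-url=http://mfa.acceptto.com/api/v9/
cas.authn.mfa.acceptto.application-id=app-placeholder
cas.authn.mfa.acceptto.organization-id=org-placeholder
cas.authn.mfa.acceptto.organization-secret=${ACCEPTTO_ORG_SECRET}
cas.authn.mfa.acceptto.secret=changeme-literal
cas.authn.mfa.acceptto.bypass.rest.url=https://bypass.example.org/mfa
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return (setting, finding) pairs for the Acceptto settings in text."""
    props = parse_properties(text)
    value = {n: props.get(PREFIX + n, "") for n in IDS + SECRETS + URLS + BYPASS}
    findings = []
    for name in IDS + SECRETS:
        if not value[name]:
            findings.append((name, "empty, and the setting has no default"))
    for name in SECRETS:
        if value[name] and not value[name].startswith(INDIRECT):
            findings.append((name, "literal credential stored in the file"))
    for name in URLS:
        # Absent settings keep their default or stay unset; check explicit values only.
        if value[name] and not value[name].startswith("https://"):
            findings.append((name, "endpoint is not https"))
    for name in BYPASS:
        if value[name]:
            findings.append((name, "MFA bypass source set, review who controls it"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{PREFIX}{name}: {finding}")
```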

The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.