Integration with TOTP (MFA) Authentication
If you are already a user of Google Authenticator Multi-factor or Two-factor authentication and would like to configure PAM to use Google Auth, then please perform the following steps.
Please note that you will need to be able to access and modify files on the PAM host computer.
Contact your PAM System Administrator for assistance.
Pre-requisite: PAM must be deployed with and configured to use its Federated Sign-In component in order to integrate with multi-factor authentication providers.
- Log on to the PAM host computer.
- Open the file $PAM_HOME/web/conf/catalina.properties
- Uncomment the following line only when a single global MFA for the entire PAM is desired:
-
If you are using your own Database and not the PAM internal database, then modify the following lines. If you are using PAM’s internal database, then skip this step.
Copycas.authn.mfa.gauth.jpa.database.driverClass=org.apache.derby.jdbc.ClientDriver
cas.authn.mfa.gauth.jpa.database.dialect=org.hibernate.dialect.DerbyTenSevenDialectYou can find the values that need to be replaced in bold above from this same /catalina.properties file in the #PAM Database section. In this example, we would copy the SQL database parameters below and use them to replace those of the Derby database above.
Copyhibernate.dialect=org.hibernate.dialect.SQLServer2012Dialect
hibernate.connection.driver_class=com.microsoft.sqlserver.jdbc.SQLServerDriver -
Optionally, you may modify the following lines to customize the branding of the Authentication page. Update the parameters; numbers and letters only, no spaces are allowed.
Copycas.authn.mfa.gauth.issuer=Imprivata
cas.authn.mfa.gauth.label=ImprivataPAM -
When complete, save and close this file.
-
Restart the service PamManagement.
#cas.authn.mfa.globalProviderId=mfa-gauth
If you wish to enable different MFA providers for individual users or group, please read this article for additional information.
Once configured, refer to the following article Google Authenticator – How to Login as a User for steps on how to use Google Authenicator MFA with PAM from an end user’s perspective.