One Button Login possible?

Feb 1 at 7:37 PM
Is it possible to hook this up with some form of One Button Login, such as SuperGluu(oxPush2)/ MFA app?

I'm thinking of the feature where a push notification is generated and sent to a registered device, thus the user has to press allow or deny (for example), allow if the user wants to accept or deny/reject if it does not recognize the login.
Feb 2 at 10:41 PM
Hi TheFlyingCorps

First of all, we thank you for evaluating this project, which is also Open Source. We are also grateful that you provided us good ideas for future developments.

As a reminder, at the outset this codex project was designed to allow anyone to secure access to business applications by leveraging Microsoft technologies such as ADFS Server (we are Gold partners).

The original idea, which remains valid, was not to rely on any third-party vendors to manage multi-factor authentication. For example with Microsoft Azure there is a perfectly operational solution (which I have also presented to TechDays 2014 in France). So, do not generate any additional cost.
We also want to rely solely on client standards and applications (MS Authenticator, Google Authenticator, ... oxPush2... maybe !)

There will be a new version (2.0) at the end of February 2017, which will include management tools (MMC Snappin, PowerShell commands).
For the authentication process, we will add different possibilities like:
  • The user can deactivate the MFA
  • Administrators will be able to disable the "auto registration" of the users and transmit the credentials by mail for example.
  • The base of the secret key enabling to generate the compatable key TOTP which is today RNG, can also be an RSA key with public key / private key).
With Windows 10, Windows 8/7, some mobile (IOS, Android, Windows 10) and ADDS / ADFS server 2016, it's possible to implement the "devices authentication" either with Intune in azure or with any MDM or the solutions Integrated with SCVMM.

However, your remark is very interesting, we will consider it for future integration.
Adding an additional option, generating a PKI, and passing the private key to the device (as for device authentication), but only second factor with just a button to enable or reject access. Obviously we do not wish to "redo" an oxPush2.

If you have any additional information, let us know !

Best Regards
Marked as answer by redhook on 6/21/2017 at 10:47 AM