Anyone ever implement Impivata's Confirm ID as a push token authenticator ? We need to use this for authentication in conjunction with Active Directory. As far as I can tell it's very much like Duo but there is no specific documentation on how to implement.
Solved! Go to Solution.
I also would like to know how to implement some kind of push token authenticator in PCS, because they are an user friendly token, but I think the actual autentication protocols will not handle that kind of authentication well, because there will be a timeout in PCS in order to skip the primary server and move on to the second and third... if you increase the timeout to give time of push token authentication round trip, in case of the primary fail the failover to the second/third will by very slow and the users will see that as the service is not working.
Do they support RADIUS? If yes, you should be able configure that as the secondary auth server. What I am not sure about is how it will know to send the push token ack (dummy username & password; dummy password with the real username; real username with a keyword indicating a push).
I have not seen or worked with someone trying to do this; my comments, unfortunately, are just theoretical at this time.
It is configured as a simple Radius Server. Nothing more. It's a whole lot of magic how it works on the back end.
Just setup Imprivata as the Authentication Server, and your LDAPS Server(s) as the User Directory/Attribute server. (dont ever set up ldap as the secondary server). Make sure to configure the ips, shared secrets and ports on both the imprivata and Pulse secure side.
Use the Default Sign in page.
Thanks for the responses.