Thank mspiers and flip for your replies. Actually before posting for help, I have already googled and went through the links provided by mspiers. However, I am new to how 2FA works (the concept) and needed confirmation and so I posted here to confirm my understandings. You have answered my questions flip. Thank you again.
... View more
Dear Community, I would like to implement PSA300 with Google authenticator as a secondary authentication. Primary authentication would be Microsoft AD. Before I make this proposal to my management, I would like to find out the following: 1. How does the PSA300 device generate the QR code? Is the QR code generated internally in the device or does is the device required to connect to some Google server to retrieve the QR code? 2. What are the firewall ports to open in order for the PSA device to communicate with the Google server? 3. What happens if the mobile phone with Google authenticator is misplaced? Does that mean that the one who picked up the mobile device can access the corporate network, assuming he/she bypass the Primary authentication? 4. If the mobile device is missing, how can the user continue to access the corporate network? eg: Can the user download Google authenticator on a new phone and start using it? 5. In terms of security, is Google authenticator secure enough to replace the "Standard" SMS 2FA? 6. Imagine this scenario, if the PSA300 is synced to a NTP source from asia and the end user is going on a holiday to Europe, there will be a time difference. In this scenario, user will need to set the time manually? On a corporate environment, it could be a hassle. Appreciate if I can have some advice. Thank you very much.
... View more