I got this request from a partner who asks if there is anyone in PTC or Partner community who implemented a 2 steps verification of Windchill authentication? The process is something like:
We implemented two factor with a product called WikiD. Not a big fan of it but it works. Token is provided by a passcode generator registered to a user and PC pair. We are looking at a replacement with Duo. My experience with Duo is that is supports RSA token and mobile phone, text or email verification.
please take a look at the following link: https://prambanan-it.com/en/products/windchill-2-factor-authentication/
We recently change to DUO for 2FA. The first check is Active Directory. The ldap proxy then checks the DUO credentials and if not provided, does a push to mobile device or office phone. Works well. We will be testing form based authentication as an alternate if there are improvements in that manner.