I got this request from a partner who asks if there is anyone in PTC or Partner community who implemented a 2 steps verification of Windchill authentication? The process is something like: The user submits his credentials The systems sends an SMS with a OTP or asks to enter one generated by a mobile app The system asks to enter the OTP before letting the user access the system I don't think we support anything OOTB, but maybe someone integrated a third party solution workiing with Windchill or our SSO architecture supporting this process.

7-Bedrock

Question

Implementing 2-Factor authentication with Windchill

Forum|Forum|6 years ago
June 14, 2019
2 replies
5921 views

I got this request from a partner who asks if there is anyone in PTC or Partner community who implemented a 2 steps verification of Windchill authentication? The process is something like:

The user submits his credentials
The systems sends an SMS with a OTP or asks to enter one generated by a mobile app
The system asks to enter the OTP before letting the user access the system

I don't think we support anything OOTB, but maybe someone integrated a third party solution workiing with Windchill or our SSO architecture supporting this process.

avillanueva

23-Emerald I

We implemented two factor with a product called WikiD. Not a big fan of it but it works. Token is provided by a passcode generator registered to a user and PC pair. We are looking at a replacement with Duo. My experience with Duo is that is supports RSA token and mobile phone, text or email verification.

avillanueva

23-Emerald I

We recently change to DUO for 2FA. The first check is Active Directory. The ldap proxy then checks the DUO credentials and if not provided, does a push to mobile device or office phone. Works well. We will be testing form based authentication as an alternate if there are improvements in that manner.