We have a very funny situation in our org, where AWS auth is set up using our MS domain, with app push-based MFA. However, the AWS MFA workflow seems to not know about push-based notifications, so it asks for a verification code which can literally be anything. After you provide some code and click Verify, only then does it send the push notification, and the UI just freezes until you either accept the auth request or some timeout happens.
Not to mention, we actually have to provide the domain password in the AWS UI, which seems to go against any kind of security I know...