Get Started!

˂ Return to FAQ

How to configure different MFA providers (or none) for specific users or groups

If you want to enable different MFA providers for different users or groups, please review the following guide for configuration steps. A common scenario, would be you want internal users to use your default Duo MFA provider (or no MFA requirement at all), while external contractors are forced to use a free alternative like Google Authenticator.

To Configure Unique MFA Provider Requirements

For the purposes of this article, it is assumed that you have already configured the required Federated Sign-in Module and intergrated with your MFA provider(s). If you have not yet performed these required steps, please read the appropriate articles and return here when ready.

1

Login to XTAM with a System Administrator account

2

Navigate to Administration > MFA

3

Configure your user and group mapping as required. Use the Add, Edit and Delete option to manage the list of users or groups. For each user or group, select the desired MFA option from the dropdown. For ease of use, if you wish to apply the same MFA provider for all users, simply check the Default option and then your single Provider.

Note that XTAM pre-populates this table with all current system administrators (users or groups) with Provider: none meaning that system admins will not require MFA. You might want to change or retain this default configuration depending on your requirements.

4

Login to the XTAM host server and open the file $XTAM_HOME/web/conf/catalina.properties in a text editor.

5

Locate and comment out the following line(s):

cas.authn.mfa.globalProviderId=mfa-
6

Enable granular MFA configuration in the $XTAM_HOME/web/conf/catalina.properties by uncommenting the line:

cas.authn.mfa.groovyScript=.../web/webapps/xtam/WEB-INF/mfa/xtam-mfa.groovy

Depending on the XTAM host server, the path above (shortened to ) will be different.

7

Save and close the file $XTAM_HOME/web/conf/catalina.properties

8

Restart the PamManagement service (Windows) or the pammanager service (Linux) to complete the configuration.

 
 

Copyright © 2019 Xton Technologies, LLC. All rights reserved.