Expand my Community achievements bar.

SOLVED

Two factor authentication for crx

Avatar

Level 1

Hi Team,

  We are trying to implement MFA for AEM and referred this blog. 

However we are not sure how this can be done for crx explorer as well. 

 

http://localhost:4502/crx/explorer/index.jsp

 

Please can someone suggest any pointers?

 

Regards,

Jay 

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hello @jay1122,

Considering it is CRX Explorer where limited access (only admins) is required, what's the use case which requires you to set up MFA on CRX level? Generally MFA is for business users on AEM welcome page where they do not have access to CRX at all.

 

There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.

Jineet

View solution in original post

5 Replies

Avatar

Correct answer by
Community Advisor

Hello @jay1122,

Considering it is CRX Explorer where limited access (only admins) is required, what's the use case which requires you to set up MFA on CRX level? Generally MFA is for business users on AEM welcome page where they do not have access to CRX at all.

 

There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.

Jineet

Avatar

Level 1
Hello @Jineet_Vora, Yes you are correct, biz users do not have access to crx explorer and only admins does. Our client is expecting to implement MFA and does not want to descope admin/developers We have multiple vendors accessing AEM so in our case it is understandable as to why client feels so..

Avatar

Community Advisor
There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.

Avatar

Community Advisor

@jay1122 

For using MFA for crx/explorer you might need to touch the OOTB functionality as @Jineet_Vora  suggested which is not recommended or risky. 

@Jörg_Hoh @vanegi  Can you provide your views ?

Thanks,
Nikhil Kumar

Avatar

Employee Advisor

Ah. the good old CRX Explorer ... I don't think that this is possible, because it solely relies purely on JCR authentication and does not use Sling.