Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Two factor authentication for crx

jay1122
Level 1
Level 1

Hi Team,

  We are trying to implement MFA for AEM and referred this blog. 

However we are not sure how this can be done for crx explorer as well. 

 

http://localhost:4502/crx/explorer/index.jsp

 

Please can someone suggest any pointers?

 

Regards,

Jay 

1 Accepted Solution
Jineet_Vora
Correct answer by
Level 4
Level 4

Hello @jay1122,

Considering it is CRX Explorer where limited access (only admins) is required, what's the use case which requires you to set up MFA on CRX level? Generally MFA is for business users on AEM welcome page where they do not have access to CRX at all.

 

There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.

Jineet

View solution in original post

5 Replies
Jineet_Vora
Correct answer by
Level 4
Level 4

Hello @jay1122,

Considering it is CRX Explorer where limited access (only admins) is required, what's the use case which requires you to set up MFA on CRX level? Generally MFA is for business users on AEM welcome page where they do not have access to CRX at all.

 

There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.

Jineet

View solution in original post

jay1122
Level 1
Level 1
Hello @Jineet_Vora, Yes you are correct, biz users do not have access to crx explorer and only admins does. Our client is expecting to implement MFA and does not want to descope admin/developers We have multiple vendors accessing AEM so in our case it is understandable as to why client feels so..
Jineet_Vora
Level 4
Level 4
There should always be a back door entry. If anything goes wrong in MFA authentication how would admins be able to login to AEM CRX? Also, changing core login mechanism is highly risky.
Nikhil-Kumar
Community Advisor
Community Advisor

@jay1122 

For using MFA for crx/explorer you might need to touch the OOTB functionality as @Jineet_Vora  suggested which is not recommended or risky. 

@Jörg_Hoh @vanegi  Can you provide your views ?

Thanks,
Nikhil Kumar

Jörg_Hoh
Employee
Employee

Ah. the good old CRX Explorer ... I don't think that this is possible, because it solely relies purely on JCR authentication and does not use Sling.