Intercept-based multifactor authentication enrollment of clients as a network service
First Claim
1. A system, comprising:
- a processor configured to:
monitor a session at a firewall;
intercept a request for access to a resource while monitoring the session at the firewall;
determine that a user associated with the session is not enrolled for multifactor authentication;
trigger a workflow for a multifactor authentication client enrollment service provided by the firewall to initiate enrollment of the user for the multifactor authentication if the resource is associated with an authentication profile for multifactor authentication; and
allow access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined grace period of time prior to being required to complete the enrollment of the user for the multifactor authentication; and
register each authentication factor of the multifactor authentication only one time per user using the multifactor authentication client enrollment service, independent of a number of applications or resources protected by the multifactor authentication, wherein the firewall enforces an authentication policy that includes one or more multifactor authentication rules for the resource and one or more distinct multifactor authentication rules for another resource; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.
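The flow recited in claim 1 and summarized in the abstract, modeled as a small policy decision function. This is an added example, not code from the patent or any product; the resource names, factor names, verdict strings, the seven-day grace value and the `EnrollmentService` class are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

GRACE_PERIOD_S = 7 * 24 * 3600  # assumed; the claim says only "predetermined grace period"

# Constructed authentication policy: resource -> factors its MFA rules require.
# Resources absent from the map have no MFA authentication profile.
POLICY = {
    "hr.example.internal": {"push"},
    "git.example.internal": {"push", "otp"},
}

@dataclass
class EnrollmentService:
    """Hypothetical firewall-hosted enrollment store, keyed by user only."""
    factors: dict = field(default_factory=dict)   # user -> set of registered factors
    started: dict = field(default_factory=dict)   # user -> time enrollment was triggered

    def register(self, user, factor):
        """Register a factor once per user; False means it already existed."""
        have = self.factors.setdefault(user, set())
        if factor in have:
            return False
        have.add(factor)
        return True

def decide(svc, user, resource, now):
    """Verdict for one intercepted request at time `now` (seconds)."""
    required = POLICY.get(resource)
    if required is None:
        return "allow"                      # no MFA profile on this resource
    if required <= svc.factors.get(user, set()):
        return "challenge"                  # enrolled: run the normal MFA challenge
    # Not enrolled: trigger the enrollment workflow and start the grace clock once.
    t0 = svc.started.setdefault(user, now)
    if now - t0 <= GRACE_PERIOD_S:
        return "allow+enroll"               # access granted before enrollment completes
    return "enroll-required"                # grace expired: enrollment must finish first

if __name__ == "__main__":
    svc = EnrollmentService()
    print(decide(svc, "alice", "hr.example.internal", 0))
    svc.register("alice", "push")
    print(decide(svc, "alice", "hr.example.internal", 60))
    print(decide(svc, "alice", "git.example.internal", 120))
```

The grace clock is keyed by user and set only on the first trigger, so repeated requests or requests to other protected resources do not extend it.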
20 Claims
9. A method, comprising:
monitoring a session at a firewall;
intercepting a request for access to a resource while monitoring the session at the firewall;
determining that a user associated with the session is not enrolled for multifactor authentication;
triggering a workflow for a multifactor authentication client enrollment service provided by the firewall to initiate enrollment of the user for the multifactor authentication if the resource is associated with an authentication profile for multifactor authentication; and
allowing access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined grace period of time prior to being required to complete the enrollment of the user for the multifactor authentication, and
registering each authentication factor of the multifactor authentication only one time per user using the multifactor authentication client enrollment service, independent of a number of applications or resources protected by the multifactor authentication, wherein the firewall enforces an authentication policy that includes one or more multifactor authentication rules for the resource and one or more distinct multifactor authentication rules for another resource.
17. A computer program product, the computer program product being embodied in a non-transitory tangible computer readable storage medium and comprising computer instructions for:
monitoring a session at a firewall;
intercepting a request for access to a resource while monitoring the session at the firewall;
determining that a user associated with the session is not enrolled for multifactor authentication;
triggering a workflow for a multifactor authentication client enrollment service provided by the firewall to initiate enrollment of the user for the multifactor authentication if the resource is associated with an authentication profile for multifactor authentication; and
allowing access to the resource prior to completing the enrollment of the user for the multifactor authentication, wherein the user is allowed access to the resource for a predetermined grace period of time prior to being required to complete the enrollment of the user for the multifactor authentication, and
registering each authentication factor of the multifactor authentication only one time per user using the multifactor authentication client enrollment service, independent of a number of applications or resources protected by the multifactor authentication, wherein the firewall enforces an authentication policy that includes one or more multifactor authentication rules for the resource and one or more distinct multifactor authentication rules for another resource.
Specification