Login and Access Security - What are our options

tornmarketing · April 20, 2023, 9:02am

With recent data breaches in our industry, I need to urgently secure mautic
Mautic as it stands does not comply with any cybersecurity insurance policies.

What options do we have within mautic to limit brute force attacks and broadly speaking implement a 2fa login process?

Be very happy with something basic such as an email/sms code,
followed up by social only login and lately an authenticator such as google authenticator.

Google authenticators being powerful but a big user barrier, and alot of config / user support

Only protection I have is the firewall/cloudflare and users being smart about their passwords.
Lastpass breach has all but made the smart passwords rule reliable

joeyk · April 21, 2023, 4:01pm

Hi,
As far as I know there is no reliable solution / plugin.
I would chip in if you come up with something.
The Google Authenticator plugin no longer works, although it was fine for years.
Joey

tornmarketing · April 22, 2023, 4:43am

Hey mate

Have you successfully played with the saml sso?
Haven’t found the best documentation online for this

Got Keycloak up and running

The SAML docs are rather thin tho

Stuck on generating the xml meta file as my mautic nginx setup keeps redirecting to the dashboard
https://your-mautic.com/saml/metadata.xml

Can’t find any tutorials or examples of what this metadata.xml is meant to look like for manual config

joeyk · April 22, 2023, 6:29am

No, I just wanted to do 2FA as step 1.

Topic		Replies	Views
2FA for Mautic - great plugin General Discussion	3	778	December 5, 2022
Security / SMS sending Product Support	9	288	September 28, 2022
SAML SSO with G Suite Product Support	8	1928	April 8, 2022
IDP sso General Discussion community , in-progress , development , mautic-3	1	667	July 8, 2020
How to login to Mautic automatically from my application Product Support	2	701	March 19, 2022

Login and Access Security - What are our options

Related Topics