Multi-factor login authentication as a security option
It would be nice to be able to have a multi-factor login authentication as a security option. We have users who work in DocuWare while they are on the road and it would be nice to toggle this feature on/off per user as an extra layer of security.
Of course the security of our users is important to us.
As you have noticed, this idea still has the same status, but was not declined. That means we evaluate it regularly.
One reason why we have decided not to add this security feature yet is that we will first change the authentication flow.
As a first step, we introduced the Identity Service in the DocuWare Cloud with Version 7.3, which allows integration with Azure AD and the use of MFA there.
The next step is to force users to use SSO only. However, to ensure this, we still need to make some changes in our authentication flow.
We are also planning to bring these functions to DocuWare On-Premises.
Afterwards we will evaluate extending the login with DocuWare credentials with MFA/2FA.
We are constantly striving to improve our products and appreciate your feedback and contribution.
Hans Werner Hennes commented
When we became client, 2FA was promised this year. Nothing happened yet.
We are working with Apple , not Microsoft and therefor are very concerned about the security for our data.
Don't understand why this is so difficult. Even Joomla and other content management systems have 2FA possibilities.
I was considering DocuWare but with no MFA I may have to look elsewhere.
This is required by our data security auditor and is definitely stare of the art nowadays! plese provide a date until 2FA is possible finally. Many thanks!
2FA is strongly needed!
What is the status in MFA. Is it un the roadmap?
Mark S McMearty commented
This is needed, it looks like it will become an audit issue in a year or so
I have to admit some surprise that Docuware haven’t aleady implemented this. It’s a ‘must have’ when working with personal data.
It's not in the 7.1 release. Any update for implementing 2FA ?
Lack of MFA support is a really big issue with the current data protection climate. Please sort it out!
Henrique Goncalves commented
Any updates for implementation on 2FA/MFA?
Nate Howland commented
Many companies that assist with GDPR compliance list two-factor authentication for web apps as a "must have" best practice.
Kim Anthony LUna commented
I agree. Clients have been asking about 2 factor authentication for increased security.
2FA seems like a must to me, especially with the Cloud environment.
Not only nice, also important regarding GDPR!
Please implement this solution so that customers and admins are more secure. Without it, and without a proper password policy, people can login infinitely with the user/admin credentials. This is unsecure.
With TOTP/OTP/2FA solution people need the username, password and temporary code to login. This is way more secure.
Louis Marascio commented
This is a big gap in functionality in today's security environment. 2FA is a must have for any system that holds sensitive information.
Hal Hamilton commented
We have several clients that are already using two factor authentication and are wanting that ability with DocuWare on-premise and cloud. We are also hearing from other clients that they too need to adapt to two factor authentication due to the material and information that their Fortis/DocuWare systems are handling such as SS#, HIPAA information, FERPA, etc. This needs to be added to the road map as soon as possible.
DELFORGE Clément commented
needed onPremise too.